[pulsar] branch master updated: [Issue 7711][pulsar-broker] Use original role instead of proxy role to check permissions (#7712)

Wed, 05 Aug 2020 01:50:48 -0700 

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 5546c5f  [Issue 7711][pulsar-broker] Use original role instead of 
proxy role to check permissions (#7712)
5546c5f is described below

commit 5546c5fed6487faf7e7bb5023eb936573aa929bf
Author: Sergii Zhevzhyk <[email protected]>
AuthorDate: Wed Aug 5 10:50:11 2020 +0200

    [Issue 7711][pulsar-broker] Use original role instead of proxy role to 
check permissions (#7712)
    
    Fixes #7711
    
    ### Motivation
    
    A client can have more permissions than its original role allows and it is 
a security violation.
    
    ### Modifications
    
    Use the original role (if available) instead of the proxy role to check if 
a client is allowed to consume or produce messages.
---
 .../pulsar/broker/authorization/PulsarAuthorizationProvider.java    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index a394311..d7cea44 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -555,11 +555,11 @@ public class PulsarAuthorizationProvider implements 
AuthorizationProvider {
         CompletableFuture<Boolean> isAuthorizedFuture;
 
         switch (operation) {
-            case LOOKUP: isAuthorizedFuture = canLookupAsync(topicName, role, 
authData);
+            case LOOKUP: isAuthorizedFuture = canLookupAsync(topicName, 
StringUtils.isBlank(originalRole) ? role : originalRole, authData);
                 break;
-            case PRODUCE: isAuthorizedFuture= canProduceAsync(topicName, role, 
authData);
+            case PRODUCE: isAuthorizedFuture = canProduceAsync(topicName, 
StringUtils.isBlank(originalRole) ? role : originalRole, authData);
                 break;
-            case CONSUME: isAuthorizedFuture = canConsumeAsync(topicName, 
role, authData, authData.getSubscription());
+            case CONSUME: isAuthorizedFuture = canConsumeAsync(topicName, 
StringUtils.isBlank(originalRole) ? role : originalRole, authData, 
authData.getSubscription());
                 break;
             default: isAuthorizedFuture = FutureUtil.failedFuture(
                     new IllegalStateException("TopicOperation is not 
supported."));

Reply via email to