dragonls opened a new issue #10221: URL: https://github.com/apache/pulsar/issues/10221
**Describe the bug** I am using pulsar cluster on k8s, deployed by `pulsar-helm-chart`, having `proxy` component and using JWT for authentication. If one namespace change the subscription authentication mode from `None` to `Prefix`, the consume can not subscribe the topic even having the valid role prefix. **To Reproduce** Steps to reproduce the behavior: 1. Using pulsar cluster on k8s, having `proxy` component and using JWT for authentication 2. Set the subscription authentication mode of one namespace from `None` to `Prefix`, e.g. namespace `test/auth` 3. Add a subscription `roleA-test` of topic `persistent://test/auth/topic` 3. Use role `roleA` to consume the topic `persistent://test/auth/topic` **Expected behavior** The consumer should subscribe and consume the topic normally. **Screenshots** The consumer get the error `org.apache.pulsar.client.api.PulsarClientException$AuthorizationException: Failed to subscribe ...`  **Desktop (please complete the following information):** - OS: Linux **Additional context** The broker log: ``` 20:31:48.269 [pulsar-io-25-4] INFO org.apache.pulsar.broker.service.ServerCnx - New connection from /9.165.129.25:52986 20:31:48.281 [pulsar-io-25-4] INFO org.apache.pulsar.broker.service.ServerCnx - [/9.165.129.25:52986] org.apache.pulsar.broker.PulsarServerException: Failed to create consumer - The subscription name needs to be prefixed by the authentication role, like proxy-admin-xxxx for topic: persistent://test/auth/p1-partition-0 with role roleA ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
