RobertIndie commented on a change in pull request #10685:
URL: https://github.com/apache/pulsar/pull/10685#discussion_r640251663
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProvider.java
##########
@@ -66,6 +69,10 @@ default String authenticate(AuthenticationDataSource
authData) throws Authentica
throw new AuthenticationException("Not supported");
}
+ default List<String> authenticate(AuthenticationDataSource authData,
boolean multiRoles) throws AuthenticationException {
Review comment:
In some use cases, users need to use a set of roles for authorization
instead of just one role. Authentication Provider should return all the roles
and pass them to the authorization provider. In ServereCnx, we are using the
auth Roles that returned from the authentication provider to authorize. I think
it is necessary to let the authentication provider return a set of roles.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
