cckellogg commented on a change in pull request #10685:
URL: https://github.com/apache/pulsar/pull/10685#discussion_r640748222
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/OneStageAuthenticationState.java
##########
@@ -35,20 +38,36 @@
public class OneStageAuthenticationState implements AuthenticationState {
private final AuthenticationDataSource authenticationDataSource;
- private final String authRole;
+ private List<String> authRoles;
public OneStageAuthenticationState(AuthData authData,
SocketAddress remoteAddress,
SSLSession sslSession,
AuthenticationProvider provider) throws
AuthenticationException {
this.authenticationDataSource = new AuthenticationDataCommand(
new String(authData.getBytes(), UTF_8), remoteAddress, sslSession);
- this.authRole = provider.authenticate(authenticationDataSource);
+ try {
+ this.authRoles = provider.authenticate(authenticationDataSource,
true);
+ } catch (AuthenticationException e) {
+ if (e.getMessage().equals(MULTI_ROLE_NOT_SUPPORTED)) {
+ this.authRoles =
Collections.singletonList(provider.authenticate(authenticationDataSource));
+ } else {
+ throw e;
+ }
+ }
}
@Override
public String getAuthRole() {
- return authRole;
+ if (authRoles == null || authRoles.isEmpty()) {
+ return null;
+ }
+ return authRoles.get(0);
+ }
+
+ @Override
+ public List<String> getAuthRoles() {
+ return authRoles;
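Review bot: The `catch` block in the constructor calls `e.getMessage().equals(MULTI_ROLE_NOT_SUPPORTED)` on a message that may be null, in which case a NullPointerException replaces the AuthenticationException and the authentication failure surfaces as an unchecked error. Comparing from the constant side avoids that: `if (MULTI_ROLE_NOT_SUPPORTED.equals(e.getMessage())) {`. In the same fallback, `Collections.singletonList(provider.authenticate(authenticationDataSource))` stores a list holding `null` when the provider returns no role, so `getAuthRoles()` is non-empty while `getAuthRole()` returns null. A null check before wrapping would keep the two accessors consistent for callers that make authorization decisions on them. `getAuthRoles()` is quoted only up to its return statement, so its closing brace is outside the hunk.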
Review comment:
Avoid returning a possible empty collection
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java
##########
@@ -144,14 +145,29 @@ public String getAuthMethodName() {
@Override
public String authenticate(AuthenticationDataSource authData) throws
AuthenticationException {
+ List<String> principals = authenticate(authData, false);
+ if (principals == null) {
+ return null;
+ }
+ return principals.get(0);
+ }
+
+ @Override
+ public List<String> authenticate(AuthenticationDataSource authData,
boolean multiRoles) throws AuthenticationException {
try {
// Get Token
String token;
token = getToken(authData);
// Parse Token by validating
- String role = getPrincipal(authenticateToken(token));
+ List<String> principals = getPrincipals(authenticateToken(token));
AuthenticationMetrics.authenticateSuccess(getClass().getSimpleName(),
getAuthMethodName());
- return role;
+ if (multiRoles) {
+ return principals;
+ } else if (principals == null) { // Empty list check has been done
in getPrincipals.
+ return null;
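Review bot: The single-argument `authenticate` guards `principals.get(0)` only against null, so an empty list from the two-argument overload would raise IndexOutOfBoundsException instead of an AuthenticationException. The only protection is the inline comment saying `getPrincipals` has already checked for emptiness, and that method is not in this hunk. Mirroring the check in `OneStageAuthenticationState.getAuthRole()`, `if (principals == null || principals.isEmpty()) { return null; }`, keeps the legacy path safe if that invariant changes. The Javadoc should also say that legacy callers receive only the first principal, since the order of roles in the token then decides which role authorization sees. The two-argument method continues past the end of the quoted hunk.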
Review comment:
Avoid returning null for collections; always return an empty collection
instead.
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/OneStageAuthenticationState.java
##########
@@ -35,20 +38,33 @@
public class OneStageAuthenticationState implements AuthenticationState {
private final AuthenticationDataSource authenticationDataSource;
- private final String authRole;
+ private List<String> authRoles;
public OneStageAuthenticationState(AuthData authData,
SocketAddress remoteAddress,
SSLSession sslSession,
AuthenticationProvider provider) throws
AuthenticationException {
this.authenticationDataSource = new AuthenticationDataCommand(
new String(authData.getBytes(), UTF_8), remoteAddress, sslSession);
- this.authRole = provider.authenticate(authenticationDataSource);
+ try {
+ this.authRoles = provider.authenticate(authenticationDataSource,
true);
Review comment:
This will always throw an exception with older providers and I think
it's better to have a flag instead of checking a string value in an exception.