Ankita-Chaudhari opened a new issue #13743:
URL: https://github.com/apache/pulsar/issues/13743


   **Describe the bug**
   I'm trying to add JWT authentication and authorization on a standalone Apache Pulsar, but it seems it is not working for me.
   So basically right now the state is: without a token, the client is able to produce and consume messages.
   
   **To Reproduce**
   Steps to reproduce
   1.   Create Tenant with admin roles
   pulsar-admin tenants create my-first-tenant --admin-roles testadmin
   
   2.    Create Namespace under tenant
   pulsar-admin namespaces create my-first-tenant/my-first-namespace
   
   3.    Create non-partitioned topic
   pulsar-admin topics create persistent://my-first-tenant/my-first-namespace/my-first-topic
   
   pulsar-admin namespaces grant-permission my-first-tenant/my-first-namespace --role testadmin --actions produce,consume
   
   4.    Create secret key
   pulsar tokens create-secret-key --output  /home/xxx/secret.key --base64
   
   5.    Generate token using secret key
   pulsar tokens create --secret-key file:///home/xxx/secret.key --subject testadmin
   
   Changes made to the broker.conf
   •    authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
   •    authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
   •    brokerClientTlsEnabled=true  #false
   •    brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken #
   •    brokerClientAuthenticationParameters={"token":"value of token"}
   •    tokenSecretKey=file:///home/ankita/Acrolinx/apache-pulsar-2.9.1/tokens/secret.key
   •    proxyRoles=testadmin
   •    superUserRoles=testadmin
   
   Changes made to proxy.conf
   •    authenticationEnabled=true
   •    authorizationEnabled=true
   •    authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
   •    tokenSecretKey=file:///path/to/secret.key
   •    superUserRoles=testadmin
   •    brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
   •    brokerClientAuthenticationParameters={"token":"value of token"}
   •    forwardAuthorizationCredentials=true
   
   Changes made to Standalone.conf
   •    authenticationEnabled=true
   •    authorizationEnabled=true
   •    authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
   •    tokenSecretKey=file:///path/to/secret.key
   •    superUserRoles=testadmin
   •    brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
   •    brokerClientAuthenticationParameters={"token":"value of token"}
   
   Changes made to client.conf
   •    authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
   •    authParams=token:value of token
   
   
   **Expected behavior**
   I expect the client should not be able to produce or consume messages without a token.
   
   **Screenshots**
   If applicable, add screenshots to help explain your problem.
   
   **Desktop (please complete the following information):**
    - OS: [Debian]
   
   **Additional context**
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
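
An added example, not part of the original issue or of Pulsar's own code: a small Python audit that checks the text of a Pulsar `.conf` file for the settings that turn on token authentication and authorization, run over samples constructed from the settings listed in the issue. The function names, the sample strings and the placeholder key path are assumptions made for the illustration.

```python
TOKEN_PROVIDER = "org.apache.pulsar.broker.authentication.AuthenticationProviderToken"
ENABLE_FLAGS = ("authenticationEnabled", "authorizationEnabled")

def parse_conf(text):
    """Parse key=value lines; blank lines and lines starting with '#' are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means the checked keys are all set."""
    conf = parse_conf(text)
    findings = []
    for flag in ENABLE_FLAGS:
        if flag not in conf:
            findings.append(f"{flag} is not set")
        elif conf[flag].lower() != "true":
            findings.append(f"{flag}={conf[flag]!r} does not enable enforcement")
    providers = [p.strip() for p in conf.get("authenticationProviders", "").split(",")]
    if TOKEN_PROVIDER not in providers:
        findings.append("authenticationProviders lacks AuthenticationProviderToken")
    if not conf.get("tokenSecretKey") and not conf.get("tokenPublicKey"):
        findings.append("no tokenSecretKey or tokenPublicKey to validate tokens")
    return findings

# Constructed samples mirroring the lists in the issue (key path is a placeholder).
BROKER_AS_LISTED = f"""
authenticationProviders={TOKEN_PROVIDER}
authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
tokenSecretKey=file:///path/to/secret.key
superUserRoles=testadmin
"""
STANDALONE_AS_LISTED = f"""
authenticationEnabled=true
authorizationEnabled=true
authenticationProviders={TOKEN_PROVIDER}
tokenSecretKey=file:///path/to/secret.key
superUserRoles=testadmin
"""

if __name__ == "__main__":
    for name, text in (("broker.conf", BROKER_AS_LISTED),
                       ("standalone.conf", STANDALONE_AS_LISTED)):
        print(name, audit(text) or "ok")
```

Running the same audit against the file the running process actually loads shows whether the listed changes are the ones in effect.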
