acsaki commented on code in PR #12179:
URL: https://github.com/apache/kafka/pull/12179#discussion_r888812184


##########
clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticator.java:
##########
@@ -679,10 +679,11 @@ private long 
calcCompletionTimesAndReturnSessionLifetimeMs() {
                 else if (connectionsMaxReauthMs == null)
                     retvalSessionLifetimeMs = 
zeroIfNegative(credentialExpirationMs - authenticationEndMs);
                 else
-                    retvalSessionLifetimeMs = zeroIfNegative(
-                            Math.min(credentialExpirationMs - 
authenticationEndMs, connectionsMaxReauthMs));
+                    retvalSessionLifetimeMs = 
zeroIfNegative(Math.min(credentialExpirationMs - authenticationEndMs, 
connectionsMaxReauthMs));
 
-                sessionExpirationTimeNanos = authenticationEndNanos + 1000 * 
1000 * retvalSessionLifetimeMs;
+                if (connectionsMaxReauthMs != null) {
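
Review bot: in the else-if (connectionsMaxReauthMs == null) branch a session lifetime is still derived from credentialExpirationMs, but with the sessionExpirationTimeNanos assignment moved behind if (connectionsMaxReauthMs != null) that lifetime no longer appears to become an expiration time, so a connection could outlive its credential. The body of the new guard is cut off here, so this is judged from the visible lines only. If leaving sessionExpirationTimeNanos unset is intended when re-authentication is disabled, state that in a comment at the guard; otherwise keep setting it whenever retvalSessionLifetimeMs comes from a credential expiry, and only make the re-authentication part conditional.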

Review Comment:
   @showuon this is what I've also found rather confusing. I agree that after 
the token expires the connection should be closed sooner or later, which isn't 
going to happen when sessionExpirationTimeNanos is not set. At the same time, 
there is the Authenticator interface, where comments suggest that 
#serverSessionExpirationTimeNanos should be left as null when re-authentication 
is "disabled". Does it make sense for reauth to be disabled? Or rather, are 
there some clients or SASL mechanisms where we don't expect reauthentication to 
ever happen?


