From GitBox <...@apache.org>
Subject [GitHub] eolivelli commented on a change in pull request #3677: [WIP]PIP-30: interface and mutual change authentication
Date Sat, 23 Feb 2019 15:05:56 GMT
eolivelli commented on a change in pull request #3677: [WIP]PIP-30: interface and mutual change
authentication
URL: https://github.com/apache/pulsar/pull/3677#discussion_r259581560
 
 

 ##########
 File path: pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
 ##########
 @@ -446,36 +453,68 @@ private String getOriginalPrincipal(String originalAuthData, String
originalAuth
         return originalPrincipal;
     }
 
+    private boolean isMutualAuthenticationMethod() {
+        return false;
+    }
+
     @Override
     protected void handleConnect(CommandConnect connect) {
         checkArgument(state == State.Start);
         if (service.isAuthenticationEnabled()) {
             try {
-                String authMethod = "none";
                 if (connect.hasAuthMethodName()) {
                     authMethod = connect.getAuthMethodName();
                 } else if (connect.hasAuthMethod()) {
                     // Legacy client is passing enum
                     authMethod = connect.getAuthMethod().name().substring(10).toLowerCase();
                 }
 
-                String authData = connect.getAuthData().toStringUtf8();
-                ChannelHandler sslHandler = ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
-                SSLSession sslSession = null;
-                if (sslHandler != null) {
-                    sslSession = ((SslHandler) sslHandler).engine().getSession();
-                }
-                originalPrincipal = getOriginalPrincipal(
+                byte[] clientData = connect.getAuthData().toByteArray();
+
+                // init authenticationState.
+                if (authState == null) {
+                    ChannelHandler sslHandler = ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
+                    SSLSession sslSession = null;
+                    if (sslHandler != null) {
+                        sslSession = ((SslHandler) sslHandler).engine().getSession();
+                    }
+                    originalPrincipal = getOriginalPrincipal(
                         connect.hasOriginalAuthData() ? connect.getOriginalAuthData() : null,
                         connect.hasOriginalAuthMethod() ? connect.getOriginalAuthMethod()
: null,
                         connect.hasOriginalPrincipal() ? connect.getOriginalPrincipal() :
null,
                         sslSession);
-                authenticationData = new AuthenticationDataCommand(authData, remoteAddress,
sslSession);
-                authRole = getBrokerService().getAuthenticationService()
-                        .authenticate(authenticationData, authMethod);
 
-                log.info("[{}] Client successfully authenticated with {} role {} and originalPrincipal
{}", remoteAddress, authMethod, authRole, originalPrincipal);
-            } catch (AuthenticationException e) {
+                    authenticationProvider = getBrokerService()
+                        .getAuthenticationService()
+                        .getAuthenticationProvider(authMethod);
+
+                    if (isMutualAuthenticationMethod()) {
+                        authenticationData = authenticationProvider.getAuthDataSource();
+                    } else {
+                        authenticationData = new AuthenticationDataCommand(
+                            new String(clientData, Charset.forName("UTF-8")), remoteAddress,
sslSession);
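Review bot: With the local `String authMethod = "none";` removed, `authMethod` is only assigned when the client sends `AuthMethodName` or the legacy enum, so a CONNECT that carries neither reaches `getAuthenticationProvider(authMethod)` with whatever the variable already holds; its declaration is outside this hunk, so it may be null or left over from an earlier state. The lookup result is then stored without a check before `authenticationProvider.getAuthDataSource()` is called in the mutual branch, so if the service can return null for an unregistered method, this would surface as a NullPointerException rather than a clean authentication failure. I would keep an explicit default and fail closed right after the lookup, e.g. `if (authenticationProvider == null) { throw new AuthenticationException("Unsupported authentication method: " + authMethod); }`. handleConnect continues past the end of the quoted hunk and the old `catch (AuthenticationException e)` line is removed here, so please confirm the new catch clause turns this case into a rejected connection.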
 
 Review comment:
   Nit: why not use StandardCharsets.UTF_8?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
