pulsar-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] jai1 opened a new pull request #1707: Fixed authentication flow via Pulsar Proxy
Date Wed, 02 May 2018 06:15:49 GMT
jai1 opened a new pull request #1707: Fixed authentication flow via Pulsar Proxy
URL: https://github.com/apache/incubator-pulsar/pull/1707
 
 
   Currently, the broker/proxy authenticates the proxy/client when the connection is established
(via `Server.handleConnect` or `ProxyConnection.handleConnect`) after that we cache the `authRole`
we extract. The connection persists long after the `authData` expires since we use the cached
`authRole` then onwards.
   
   In https://github.com/apache/incubator-pulsar/pull/1169 in order to preserve the Connection
pool in ProxyLookupHandler, I changed the proxy code to cache the client `authData` and forward
it to authenticate during `lookups` and `getPartitionMetaData` what I failed to see was that
if the client `authData` expires broker will reject the lookups, since we are sending old
Client `authData`.
   
   The fix for this is that for lookups instead of maintaining a single connection pool in
proxy we maintain one connection pool per client connection and authenticate both the client
and the proxy only when a new connection is created.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message