From 1935f070cf29d727f2b400139f05ba0d35dd5017 Mon Sep 17 00:00:00 2001
From: Michael Marshall <mmarshall@apache.org>
Date: Thu, 16 Feb 2023 22:37:16 -0600
Subject: [PATCH] [fix][broker] Call originalAuthState.authenticate in
 ServerCnx

This change was introduced by https://github.com/apache/pulsar/pull/19295.

That PR had more changes than are worth cherry-picking, though, so this
commit only has the additional call to authenticate the original auth data.
As a result, this commit is slightly less efficient because in some
implementations, the authdata will be validated twice.

(cherry picked from commit f9727ca7c18628d03362783a8feb8ce73bc67d07)
---
 .../main/java/org/apache/pulsar/broker/service/ServerCnx.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
index e6e20707ef2a8..851058dc811b4 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -847,10 +847,12 @@ protected void handleConnect(CommandConnect connect) {
                                     + " using auth method [%s] is not available", originalAuthMethod));
                 }
 
+                AuthData originalAuthDataCopy =  AuthData.of(connect.getOriginalAuthData().getBytes());
                 originalAuthState = originalAuthenticationProvider.newAuthState(
-                        AuthData.of(connect.getOriginalAuthData().getBytes()),
+                        originalAuthDataCopy,
                         remoteAddress,
                         sslSession);
+                originalAuthState.authenticate(originalAuthDataCopy);
                 originalAuthData = originalAuthState.getAuthDataSource();
                 originalPrincipal = originalAuthState.getAuthRole();