[fix][broker] Continue using the next provider for authentication if one fails #23797
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…one fails Signed-off-by: Zixuan Liu <nodeces@gmail.com>
nodece
requested review from
lhotari,
tuteng,
dao-jun,
poorbarcode,
liudezhi2098 and
michaeljmarshall
nodece
added
type/bug
|
/pulsarbot rerun-failure-checks |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #23797 +/- ##
=============================================
- Coverage 73.57% 39.38% -34.20%
+ Complexity 32624 13104 -19520
=============================================
Files 1877 1796 -81
Lines 139502 139415 -87
Branches 15299 15822 +523
=============================================
- Hits 102638 54906 -47732
- Misses 28908 77315 +48407
+ Partials 7956 7194 -762
Flags with carried forward coverage won't be shown. Click here to find out more.
|
dao-jun
approved these changes
Jan 1, 2025
liudezhi2098
approved these changes
Jan 1, 2025
|
/pulsarbot rerun-failure-checks |
nikhil-ctds
pushed a commit
to datastax/pulsar
that referenced
this pull request
Jan 3, 2025
…one fails (apache#23797) Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 7619e2f) Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 62170e7)
srinath-ctds
pushed a commit
to datastax/pulsar
that referenced
this pull request
Jan 3, 2025
…one fails (apache#23797) Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 7619e2f) Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 62170e7)
4 tasks
|
This PR only fixes pulsar chain authentication, not HTTP authentication. The HTTP authentication has some issues, please see #23842. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
When using Pulsar admin version 2.10.x with JWT authentication and a broker running 3.0.x (forked from Apache Pulsar) configured with both Kerberos and JWT authentication providers.
When a request is without the authentication method name, the broker iterates through each authentication provider to authenticate the request, if authentication data is valid, the broker acts on the request. In this scenario, I ensured that the JWT provider was configured correctly and the token was valid. However, I still encountered an authentication error.
The root cause is that the
AuthenticationProviderListonly catches theAuthenticationExceptionexception, If an authentication provider throws an exception of a different type, the authentication process will be terminated.Modifications
AuthenticationProviderListcatches theExceptionexception, and then uses theAuthenticationExceptionto wrap the original exception.Documentation
docdoc-requireddoc-not-neededdoc-complete