
Example 1 with FeatureFlags

use of org.apache.pulsar.common.api.proto.FeatureFlags in project pulsar by apache.

the class ServerCnx method handleConnect.

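/**
 * Handles a client's CONNECT command: records the advertised feature flags, selects an
 * authentication provider, starts authentication and resolves the original principal.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>The connection must still be in {@code State.Start}.</li>
 *   <li>If authentication is disabled on the service, the connect is completed with no
 *       credential checks at all.</li>
 *   <li>The auth method name comes from the explicit name field, else from the legacy enum,
 *       else defaults to {@code "none"}.</li>
 *   <li>If no provider is registered for that method, the anonymous role is used; when no
 *       anonymous role is configured an {@link AuthenticationException} is raised.</li>
 *   <li>Otherwise an auth state is created (with the TLS session when a TLS handler is in
 *       the pipeline) and {@code doAuthentication} decides the next connection state.</li>
 *   <li>The original principal is either authenticated from the forwarded original auth data
 *       (when {@code isAuthenticateOriginalAuthData()} is on) or taken as sent.</li>
 * </ol>
 *
 * <p>Any exception in the authenticated path is counted as a failed connection, logged, and
 * answered with a generic {@code AuthenticationError} before the connection is closed; the
 * exception detail is not echoed to the client.
 *
 * @param connect the CONNECT command received from the remote peer (untrusted input)
 */
@Override
protected void handleConnect(CommandConnect connect) {
    // CONNECT is only legal as the first command on a fresh connection.
    checkArgument(state == State.Start);
    if (log.isDebugEnabled()) {
        log.debug("Received CONNECT from {}, auth enabled: {}:" + " has original principal = {}, original principal = {}", remoteAddress, service.isAuthenticationEnabled(), connect.hasOriginalPrincipal(), connect.hasOriginalPrincipal() ? connect.getOriginalPrincipal() : null);
    }
    String clientVersion = connect.getClientVersion();
    int clientProtocolVersion = connect.getProtocolVersion();
    // Start from empty flags and copy only what the client actually sent.
    features = new FeatureFlags();
    if (connect.hasFeatureFlags()) {
        features.copyFrom(connect.getFeatureFlags());
    }
    // Authentication disabled: the connect completes without looking at any credentials.
    if (!service.isAuthenticationEnabled()) {
        completeConnect(clientProtocolVersion, clientVersion);
        return;
    }
    try {
        byte[] authData = connect.hasAuthData() ? connect.getAuthData() : emptyArray;
        AuthData clientData = AuthData.of(authData);
        // Resolve the auth method name: explicit name, then legacy enum, then "none".
        if (connect.hasAuthMethodName()) {
            authMethod = connect.getAuthMethodName();
        } else if (connect.hasAuthMethod()) {
            // Legacy client is passing enum.
            // presumably substring(10) strips a fixed 10-character prefix of the enum constant
            // name; confirm against the enum definition.
            // Locale.ROOT keeps the provider lookup key independent of the JVM default locale.
            authMethod = connect.getAuthMethod().name().substring(10).toLowerCase(java.util.Locale.ROOT);
        } else {
            authMethod = "none";
        }
        authenticationProvider = getBrokerService().getAuthenticationService().getAuthenticationProvider(authMethod);
        // In AuthenticationDisabled, it will set authMethod "none".
        // No provider for this method: fall back to the anonymous role, or fail if none is set.
        if (authenticationProvider == null) {
            authRole = getBrokerService().getAuthenticationService().getAnonymousUserRole().orElseThrow(() -> new AuthenticationException("No anonymous role, and no authentication provider configured"));
            completeConnect(clientProtocolVersion, clientVersion);
            return;
        }
        // Pick up the TLS session, if the pipeline has a TLS handler, so the provider can use it.
        ChannelHandler sslHandler = ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
        SSLSession sslSession = null;
        if (sslHandler != null) {
            sslSession = ((SslHandler) sslHandler).engine().getSession();
        }
        authState = authenticationProvider.newAuthState(clientData, remoteAddress, sslSession);
        if (log.isDebugEnabled()) {
            log.debug("[{}] Authenticate role : {}", remoteAddress, authState != null ? authState.getAuthRole() : null);
        }
        // NOTE(review): doAuthentication is not shown here. If it can finish the connect
        // synchronously, the original-principal handling below runs after that point;
        // confirm the ordering is intended.
        state = doAuthentication(clientData, clientProtocolVersion, clientVersion);
        // Original principal: authenticate the forwarded credentials only when the peer sent an
        // original principal AND the broker is configured to authenticate original auth data.
        if (connect.hasOriginalPrincipal() && service.getPulsar().getConfig().isAuthenticateOriginalAuthData()) {
            String originalAuthMethod;
            if (connect.hasOriginalAuthMethod()) {
                originalAuthMethod = connect.getOriginalAuthMethod();
            } else {
                originalAuthMethod = "none";
            }
            AuthenticationProvider originalAuthenticationProvider = getBrokerService().getAuthenticationService().getAuthenticationProvider(originalAuthMethod);
            if (originalAuthenticationProvider == null) {
                throw new AuthenticationException(String.format("Can't find AuthenticationProvider for original role" + " using auth method [%s] is not available", originalAuthMethod));
            }
            // Encode with an explicit charset: the no-arg getBytes() depends on the platform
            // default, which could change the credential bytes handed to the provider.
            // NOTE(review): there is no hasOriginalAuthData() check; if the field is absent the
            // outcome depends on the generated accessor, and any exception lands in the catch.
            originalAuthState = originalAuthenticationProvider.newAuthState(AuthData.of(connect.getOriginalAuthData().getBytes(java.nio.charset.StandardCharsets.UTF_8)), remoteAddress, sslSession);
            originalAuthData = originalAuthState.getAuthDataSource();
            // NOTE(review): the role is read straight after newAuthState, with no authenticate
            // call on originalAuthState in this method; assumes the provider validates the data
            // when the state is created. Confirm per provider.
            originalPrincipal = originalAuthState.getAuthRole();
            if (log.isDebugEnabled()) {
                log.debug("[{}] Authenticate original role : {}", remoteAddress, originalPrincipal);
            }
        } else {
            // NOTE(review): here the original principal is whatever the peer asserted in CONNECT.
            // Nothing in this method checks that the authenticated role may forward a principal;
            // verify that this is enforced elsewhere (e.g. at authorization time).
            originalPrincipal = connect.hasOriginalPrincipal() ? connect.getOriginalPrincipal() : null;
            if (log.isDebugEnabled()) {
                log.debug("[{}] Authenticate original role (forwarded from proxy): {}", remoteAddress, originalPrincipal);
            }
        }
    } catch (Exception e) {
        // Fail closed: count the failure, log the cause server-side, answer with a generic
        // error that carries no exception detail, then drop the connection.
        service.getPulsarStats().recordConnectionCreateFail();
        logAuthException(remoteAddress, "connect", getPrincipal(), Optional.empty(), e);
        String msg = "Unable to authenticate";
        ctx.writeAndFlush(Commands.newError(-1, ServerError.AuthenticationError, msg));
        close();
    }
}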
Also used : AuthData(org.apache.pulsar.common.api.AuthData) AuthenticationException(javax.naming.AuthenticationException) SSLSession(javax.net.ssl.SSLSession) AuthenticationProvider(org.apache.pulsar.broker.authentication.AuthenticationProvider) FeatureFlags(org.apache.pulsar.common.api.proto.FeatureFlags) ChannelHandler(io.netty.channel.ChannelHandler) SslHandler(io.netty.handler.ssl.SslHandler) ServiceUnitNotReadyException(org.apache.pulsar.broker.service.BrokerServiceException.ServiceUnitNotReadyException) RestException(org.apache.pulsar.broker.web.RestException) InterceptException(org.apache.pulsar.common.intercept.InterceptException) TopicNotFoundException(org.apache.pulsar.broker.service.BrokerServiceException.TopicNotFoundException) ServerMetadataException(org.apache.pulsar.broker.service.BrokerServiceException.ServerMetadataException) AuthenticationException(javax.naming.AuthenticationException) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) SubscriptionNotFoundException(org.apache.pulsar.broker.service.BrokerServiceException.SubscriptionNotFoundException) ManagedLedgerException(org.apache.bookkeeper.mledger.ManagedLedgerException) IncompatibleSchemaException(org.apache.pulsar.broker.service.schema.exceptions.IncompatibleSchemaException) CoordinatorException(org.apache.pulsar.transaction.coordinator.exceptions.CoordinatorException) NoSuchElementException(java.util.NoSuchElementException) ConsumerBusyException(org.apache.pulsar.broker.service.BrokerServiceException.ConsumerBusyException)

Aggregations

ChannelHandler (io.netty.channel.ChannelHandler)1 SslHandler (io.netty.handler.ssl.SslHandler)1 NoSuchElementException (java.util.NoSuchElementException)1 AuthenticationException (javax.naming.AuthenticationException)1 SSLSession (javax.net.ssl.SSLSession)1 ManagedLedgerException (org.apache.bookkeeper.mledger.ManagedLedgerException)1 AuthenticationProvider (org.apache.pulsar.broker.authentication.AuthenticationProvider)1 ConsumerBusyException (org.apache.pulsar.broker.service.BrokerServiceException.ConsumerBusyException)1 ServerMetadataException (org.apache.pulsar.broker.service.BrokerServiceException.ServerMetadataException)1 ServiceUnitNotReadyException (org.apache.pulsar.broker.service.BrokerServiceException.ServiceUnitNotReadyException)1 SubscriptionNotFoundException (org.apache.pulsar.broker.service.BrokerServiceException.SubscriptionNotFoundException)1 TopicNotFoundException (org.apache.pulsar.broker.service.BrokerServiceException.TopicNotFoundException)1 IncompatibleSchemaException (org.apache.pulsar.broker.service.schema.exceptions.IncompatibleSchemaException)1 RestException (org.apache.pulsar.broker.web.RestException)1 PulsarClientException (org.apache.pulsar.client.api.PulsarClientException)1 AuthData (org.apache.pulsar.common.api.AuthData)1 FeatureFlags (org.apache.pulsar.common.api.proto.FeatureFlags)1 InterceptException (org.apache.pulsar.common.intercept.InterceptException)1 CoordinatorException (org.apache.pulsar.transaction.coordinator.exceptions.CoordinatorException)1