Re: [DISCUSS] Proxy should always forward the authentication data from the client

2022-11-02 Thread Zixuan Liu
> I think the right solution to this problem is better documentation. Sounds good, but I worry that the user cannot set up the correct configuration. As infrastructure, we need to ensure the security of users at all times. > The main users that need to know how to configure broker side authoriza

Re: [DISCUSS] Proxy should always forward the authentication data from the client

2022-11-01 Thread Michael Marshall
> We have a flag to control the value of authentication data. See > https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java#L316-L322 Great point. I missed the `forwardAuthorizationCredentials` se

Re: [DISCUSS] Proxy should always forward the authentication data from the client

2022-10-31 Thread Zixuan Liu
> This is already the case for both HTTP and pulsar protocols We have a flag to control the value of authentication data. See https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java#L316-L322 . >

Re: [DISCUSS] Proxy should always forward the authentication data from the client

2022-10-31 Thread Michael Marshall
Thanks for starting this thread, Zixuan. For additional context, I provided some related feedback in comments on this PR: https://github.com/apache/pulsar/pull/18130. > So I suggest the proxy should always forward the authentication data from > the client. This is already the case for both HTTP