| <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><title>Token authentication admin · Apache Pulsar</title><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="generator" content="Docusaurus"/><meta name="description" content="## Token Authentication Overview"/><meta name="docsearch:version" content="2.7.2"/><meta name="docsearch:language" content="en"/><meta property="og:title" content="Token authentication admin · Apache Pulsar"/><meta property="og:type" content="website"/><meta property="og:url" content="https://pulsar.apache.org/"/><meta property="og:description" content="## Token Authentication Overview"/><meta name="twitter:card" content="summary"/><meta name="twitter:image" content="https://pulsar.apache.org/img/pulsar.svg"/><link rel="shortcut icon" href="/img/pulsar.ico"/><link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css"/><link rel="alternate" type="application/atom+xml" href="https://pulsar.apache.org/blog/atom.xml" title="Apache Pulsar Blog ATOM Feed"/><link rel="alternate" type="application/rss+xml" href="https://pulsar.apache.org/blog/feed.xml" title="Apache Pulsar Blog RSS Feed"/><link rel="stylesheet" href="/css/code-blocks-buttons.css"/><script type="text/javascript" src="https://buttons.github.io/buttons.js"></script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/clipboard.min.js"></script><script type="text/javascript" src="/js/custom.js"></script><script src="/js/scrollSpy.js"></script><link rel="stylesheet" href="/css/main.css"/><script src="/js/codetabs.js"></script></head><body class="sideNavVisible separateOnPageNav"><div class="fixedHeaderContainer"><div class="headerWrapper wrapper"><header><a href="/en"><img class="logo" src="/img/pulsar.svg" alt="Apache Pulsar"/></a><a href="/en/versions"><h3>2.7.2</h3></a><div class="navigationWrapper navigationSlider"><nav class="slidingNav"><ul class="nav-site nav-site-internal"><li class=""><a href="/docs/en/2.7.2/getting-started-standalone" target="_self">Docs</a></li><li class=""><a href="/en/download" target="_self">Download</a></li><li class=""><a href="/docs/en/2.7.2/client-libraries" target="_self">Clients</a></li><li class=""><a href="#restapis" target="_self">REST APIs</a></li><li class=""><a href="#cli" target="_self">Cli</a></li><li class=""><a href="/blog/" target="_self">Blog</a></li><li class=""><a href="#community" target="_self">Community</a></li><li class=""><a href="#apache" target="_self">Apache</a></li><li class=""><a href="https://pulsar-next.staged.apache.org/" target="_self">New Website (Beta)</a></li><span><li><a id="languages-menu" href="#"><img class="languages-icon" src="/img/language.svg" alt="Languages icon"/>English</a><div id="languages-dropdown" class="hide"><ul id="languages-dropdown-items"><li><a href="/docs/ja/2.7.2/security-token-admin">日本語</a></li><li><a href="/docs/fr/2.7.2/security-token-admin">Français</a></li><li><a href="/docs/ko/2.7.2/security-token-admin">한국어</a></li><li><a href="/docs/zh-CN/2.7.2/security-token-admin">中文</a></li><li><a href="/docs/zh-TW/2.7.2/security-token-admin">繁體中文</a></li><li><a href="https://crowdin.com/project/apache-pulsar" target="_blank" rel="noreferrer noopener">Help Translate</a></li></ul></div></li><script> |
| const languagesMenuItem = document.getElementById("languages-menu"); |
| const languagesDropDown = document.getElementById("languages-dropdown"); |
| languagesMenuItem.addEventListener("click", function(event) { |
| event.preventDefault(); |
| |
| if (languagesDropDown.className == "hide") { |
| languagesDropDown.className = "visible"; |
| } else { |
| languagesDropDown.className = "hide"; |
| } |
| }); |
| </script></span></ul></nav></div></header></div></div><div class="navPusher"><div class="docMainWrapper wrapper"><div class="container mainContainer docsContainer"><div class="wrapper"><div class="post"><header class="postHeader"><a class="edit-page-link button" href="https://github.com/apache/pulsar/edit/master/site2/docs/security-token-admin.md" target="_blank" rel="noreferrer noopener">Edit</a><h1 id="__docusaurus" class="postHeaderTitle">Token authentication admin</h1></header><article><div><span><h2><a class="anchor" aria-hidden="true" id="token-authentication-overview"></a><a href="#token-authentication-overview" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Token Authentication Overview</h2> |
| <p>Pulsar supports authenticating clients using security tokens that are based on |
| <a href="https://jwt.io/introduction/">JSON Web Tokens</a> (<a href="https://tools.ietf.org/html/rfc7519">RFC-7519</a>).</p> |
| <p>Tokens are used to identify a Pulsar client and associate with some "principal" (or "role") which |
| will be then granted permissions to do some actions (eg: publish or consume from a topic).</p> |
| <p>A user will typically be given a token string by an administrator (or some automated service).</p> |
| <p>The compact representation of a signed JWT is a string that looks like:</p> |
| <pre><code class="hljs"> eyJhbGciOiJIUzI<span class="hljs-number">1</span><span class="hljs-symbol">NiJ9</span>.eyJzdWIiOiJKb<span class="hljs-number">2</span>UifQ.ipevR<span class="hljs-symbol">NuRP6</span>Hfl<span class="hljs-name">G8</span>cFK<span class="hljs-symbol">nmUPtypruRC4</span>fb<span class="hljs-number">1</span>DWtoLL<span class="hljs-number">62</span>SY |
| </code></pre> |
| <p>Application will specify the token when creating the client instance. An alternative is to pass |
| a "token supplier", that is to say a function that returns the token when the client library |
| will need one.</p> |
| <blockquote> |
| <h4><a class="anchor" aria-hidden="true" id="always-use-tls-transport-encryption"></a><a href="#always-use-tls-transport-encryption" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Always use TLS transport encryption</h4> |
| <p>Sending a token is equivalent to sending a password over the wire. It is strongly recommended to |
| always use TLS encryption when talking to the Pulsar service. See |
| <a href="/docs/en/2.7.2/security-tls-transport">Transport Encryption using TLS</a></p> |
| </blockquote> |
| <h2><a class="anchor" aria-hidden="true" id="secret-vs-publicprivate-keys"></a><a href="#secret-vs-publicprivate-keys" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Secret vs Public/Private keys</h2> |
| <p>JWT support two different kind of keys in order to generate and validate the tokens:</p> |
| <ul> |
| <li>Symmetric : |
| <ul> |
| <li>there is a single <strong><em>Secret</em></strong> key that is used both to generate and validate</li> |
| </ul></li> |
| <li>Asymmetric: there is a pair of keys. |
| <ul> |
| <li><strong><em>Private</em></strong> key is used to generate tokens</li> |
| <li><strong><em>Public</em></strong> key is used to validate tokens</li> |
| </ul></li> |
| </ul> |
| <h3><a class="anchor" aria-hidden="true" id="secret-key"></a><a href="#secret-key" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Secret key</h3> |
| <p>When using a secret key, the administrator will create the key and he will |
| use it to generate the client tokens. This key will be also configured to |
| the brokers to allow them to validate the clients.</p> |
| <h4><a class="anchor" aria-hidden="true" id="creating-a-secret-key"></a><a href="#creating-a-secret-key" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Creating a secret key</h4> |
| <blockquote> |
| <p>Output file will be generated in the root of your pulsar installation directory. You can also provide absolute path for the output file.</p> |
| </blockquote> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar tokens create-secret-key --output my-secret.key</span> |
| </code></pre> |
| <p>To generate base64 encoded private key</p> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar tokens create-secret-key --output /opt/my-secret.key --base64</span> |
| </code></pre> |
| <h3><a class="anchor" aria-hidden="true" id="publicprivate-keys"></a><a href="#publicprivate-keys" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Public/Private keys</h3> |
| <p>With public/private, we need to create a pair of keys. Pulsar supports all algorithms supported by the Java JWT library shown <a href="https://github.com/jwtk/jjwt#signature-algorithms-keys">here</a></p> |
| <h4><a class="anchor" aria-hidden="true" id="creating-a-key-pair"></a><a href="#creating-a-key-pair" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Creating a key pair</h4> |
| <blockquote> |
| <p>Output file will be generated in the root of your pulsar installation directory. You can also provide absolute path for the output file.</p> |
| </blockquote> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar tokens create-key-pair --output-private-key my-private.key --output-public-key my-public.key</span> |
| </code></pre> |
| <ul> |
| <li><code>my-private.key</code> will be stored in a safe location and only used by administrator to generate |
| new tokens.</li> |
| <li><code>my-public.key</code> will be distributed to all Pulsar brokers. This file can be publicly shared without |
| any security concern.</li> |
| </ul> |
| <h2><a class="anchor" aria-hidden="true" id="generating-tokens"></a><a href="#generating-tokens" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Generating tokens</h2> |
| <p>A token is the credential associated with a user. The association is done through the "principal", |
| or "role". In case of JWT tokens, this field it's typically referred to as <strong>subject</strong>, though |
| it's exactly the same concept.</p> |
| <p>The generated token is then required to have a <strong>subject</strong> field set.</p> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar tokens create --secret-key file:///path/to/my-secret.key \</span> |
| --subject test-user |
| </code></pre> |
| <p>This will print the token string on stdout.</p> |
| <p>Similarly, one can create a token by passing the "private" key:</p> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar tokens create --private-key file:///path/to/my-private.key \</span> |
| --subject test-user |
| </code></pre> |
| <p>Finally, a token can also be created with a pre-defined TTL. After that time, |
| the token will be automatically invalidated.</p> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar tokens create --secret-key file:///path/to/my-secret.key \</span> |
| --subject test-user \ |
| --expiry-time 1y |
| </code></pre> |
| <h2><a class="anchor" aria-hidden="true" id="authorization"></a><a href="#authorization" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Authorization</h2> |
| <p>The token itself doesn't have any permission associated. That will be determined by the |
| authorization engine. Once the token is created, one can grant permission for this token to do certain |
| actions. Eg. :</p> |
| <pre><code class="hljs css language-shell"><span class="hljs-meta">$</span><span class="bash"> bin/pulsar-admin namespaces grant-permission my-tenant/my-namespace \</span> |
| --role test-user \ |
| --actions produce,consume |
| </code></pre> |
| <h2><a class="anchor" aria-hidden="true" id="enabling-token-authentication-"></a><a href="#enabling-token-authentication-" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Enabling Token Authentication ...</h2> |
| <h3><a class="anchor" aria-hidden="true" id="-on-brokers"></a><a href="#-on-brokers" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>... on Brokers</h3> |
| <p>To configure brokers to authenticate clients, put the following in <code>broker.conf</code>:</p> |
| <pre><code class="hljs css language-properties"><span class="hljs-comment"># Configuration to enable authentication and authorization</span> |
| <span class="hljs-attr">authenticationEnabled</span>=<span class="hljs-string">true</span> |
| <span class="hljs-attr">authorizationEnabled</span>=<span class="hljs-string">true</span> |
| <span class="hljs-attr">authenticationProviders</span>=<span class="hljs-string">org.apache.pulsar.broker.authentication.AuthenticationProviderToken</span> |
| <span class="hljs-comment"> |
| # If using secret key</span> |
| <span class="hljs-attr">tokenSecretKey</span>=<span class="hljs-string">file:///path/to/secret.key</span> |
| <span class="hljs-comment"># The key can also be passed inline:</span> |
| <span class="hljs-comment"># tokenSecretKey=data:;base64,FLFyW0oLJ2Fi22KKCm21J18mbAdztfSHN/lAT5ucEKU=</span> |
| <span class="hljs-comment"> |
| # If using public/private</span> |
| <span class="hljs-comment"># tokenPublicKey=file:///path/to/public.key</span> |
| </code></pre> |
| <h3><a class="anchor" aria-hidden="true" id="-on-proxies"></a><a href="#-on-proxies" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>... on Proxies</h3> |
| <p>To configure proxies to authenticate clients, put the following in <code>proxy.conf</code>:</p> |
| <p>The proxy will have its own token used when talking to brokers. The role token for this |
| key pair should be configured in the <code>proxyRoles</code> of the brokers. See the <a href="/docs/en/2.7.2/security-authorization">authorization guide</a> for more details.</p> |
| <pre><code class="hljs css language-properties"><span class="hljs-comment"># For clients connecting to the proxy</span> |
| <span class="hljs-attr">authenticationEnabled</span>=<span class="hljs-string">true</span> |
| <span class="hljs-attr">authorizationEnabled</span>=<span class="hljs-string">true</span> |
| <span class="hljs-attr">authenticationProviders</span>=<span class="hljs-string">org.apache.pulsar.broker.authentication.AuthenticationProviderToken</span> |
| <span class="hljs-attr">tokenSecretKey</span>=<span class="hljs-string">file:///path/to/secret.key</span> |
| <span class="hljs-comment"> |
| # For the proxy to connect to brokers</span> |
| <span class="hljs-attr">brokerClientAuthenticationPlugin</span>=<span class="hljs-string">org.apache.pulsar.client.impl.auth.AuthenticationToken</span> |
| <span class="hljs-attr">brokerClientAuthenticationParameters</span>=<span class="hljs-string">{"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw"}</span> |
| <span class="hljs-comment"># Or, alternatively, read token from file</span> |
| <span class="hljs-comment"># brokerClientAuthenticationParameters=file:///path/to/proxy-token.txt</span> |
| </code></pre> |
| </span></div></article></div><div class="docs-prevnext"></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#token-authentication-overview">Token Authentication Overview</a></li><li><a href="#secret-vs-publicprivate-keys">Secret vs Public/Private keys</a><ul class="toc-headings"><li><a href="#secret-key">Secret key</a></li><li><a href="#publicprivate-keys">Public/Private keys</a></li></ul></li><li><a href="#generating-tokens">Generating tokens</a></li><li><a href="#authorization">Authorization</a></li><li><a href="#enabling-token-authentication-">Enabling Token Authentication ...</a><ul class="toc-headings"><li><a href="#-on-brokers">... on Brokers</a></li><li><a href="#-on-proxies">... on Proxies</a></li></ul></li></ul></nav></div><footer class="nav-footer" id="footer"><section class="copyright">Copyright © 2022 The Apache Software Foundation. All Rights Reserved. Apache, Apache Pulsar and the Apache feather logo are trademarks of The Apache Software Foundation.</section><span><script> |
| const community = document.querySelector("a[href='#community']").parentNode; |
| const communityMenu = |
| '<li>' + |
| '<a id="community-menu" href="#">Community <span style="font-size: 0.75em"> ▼</span></a>' + |
| '<div id="community-dropdown" class="hide">' + |
| '<ul id="community-dropdown-items">' + |
| '<li><a href="/en/contact">Contact</a></li>' + |
| '<li><a href="/en/contributing">Contributing</a></li>' + |
| '<li><a href="/en/coding-guide">Coding guide</a></li>' + |
| '<li><a href="/en/events">Events</a></li>' + |
| '<li><a href="https://twitter.com/Apache_Pulsar" target="_blank">Twitter ❐</a></li>' + |
| '<li><a href="https://github.com/apache/pulsar/wiki" target="_blank">Wiki ❐</a></li>' + |
| '<li><a href="https://github.com/apache/pulsar/issues" target="_blank">Issue tracking ❐</a></li>' + |
| '<li><a href="https://pulsar-summit.org/" target="_blank">Pulsar Summit ❐</a></li>' + |
| '<li> </li>' + |
| '<li><a href="/en/resources">Resources</a></li>' + |
| '<li><a href="/en/team">Team</a></li>' + |
| '<li><a href="/en/powered-by">Powered By</a></li>' + |
| '</ul>' + |
| '</div>' + |
| '</li>'; |
| |
| community.innerHTML = communityMenu; |
| |
| const communityMenuItem = document.getElementById("community-menu"); |
| const communityDropDown = document.getElementById("community-dropdown"); |
| communityMenuItem.addEventListener("click", function(event) { |
| event.preventDefault(); |
| |
| if (communityDropDown.className == 'hide') { |
| communityDropDown.className = 'visible'; |
| } else { |
| communityDropDown.className = 'hide'; |
| } |
| }); |
| </script></span></footer></div><script>window.twttr=(function(d,s, id){var js,fjs=d.getElementsByTagName(s)[0],t=window.twttr||{};if(d.getElementById(id))return t;js=d.createElement(s);js.id=id;js.src='https://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js, fjs);t._e = [];t.ready = function(f) {t._e.push(f);};return t;}(document, 'script', 'twitter-wjs'));</script></body></html> |