Google Git
Sign in
apache / pulsar / 7337470f33586aa639854266efe95c2fa32f48db^! / .
commit7337470f33586aa639854266efe95c2fa32f48db[log] [tgz]
authorMichael Marshall <mmarshall@apache.org>Wed Apr 05 18:10:55 2023 -0500
committerMichael Marshall <mmarshall@apache.org>Wed Apr 05 19:23:43 2023 -0500
tree62cd8d21932eecf9c3ffe6108bbc3283b9631882
parentca022bd01d8af89571d531156f1b359a9326324c [diff]
[fix][broker] Only validate superuser access if authz enabled (#19989)

In #19455, I added a requirement that only the proxy role could supply an original principal. That check is only supposed to apply when the broker has authorization enabled. However, in one case, that was not the case. This PR does a check and returns early when authorization is not enabled in the broker.

See https://github.com/apache/pulsar/pull/19830#issuecomment-1492262201 for additional motivation.

* Update the `PulsarWebResource#validateSuperUserAccessAsync` to only validate when authentication and authorization are enabled in the configuration.

This is a trivial change. It'd be good to add tests, but I didn't include them here because this is a somewhat urgent fix. There was one test that broke because of this change, so there is at least some existing coverage.

- [x] `doc-not-needed`

PR in forked repository: https://github.com/michaeljmarshall/pulsar/pull/39

(cherry picked from commit 1a6c28dd0072de05a544dbc9243bfbe6bccea5db)
(cherry picked from commit 36f0db581361e596fb7984a6c57ce192a1d4459c)

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index 6fb8607..2bb24ee 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java

@@ -182,7 +182,7 @@
      *             if not authorized
      */
     public void validateSuperUserAccess() {
-        if (config().isAuthenticationEnabled()) {
+        if (config().isAuthenticationEnabled() && config().isAuthorizationEnabled()) {
             String appId = clientAppId();
             if (log.isDebugEnabled()) {
                 log.debug("[{}] Check super user access: Authenticated: {} -- Role: {}", uri.getRequestUri(),
@@ -218,7 +218,7 @@
                 log.debug("Successfully authorized {} (proxied by {}) as super-user",
                           originalPrincipal, appId);
             } else {
-                if (config().isAuthorizationEnabled() && !pulsar.getBrokerService()
+                if (!pulsar.getBrokerService()
                         .getAuthorizationService()
                         .isSuperUser(appId, clientAuthData())
                         .join()) {