search

streamnative / pulsar-archived

Apache Pulsar - distributed pub-sub messaging system
https://pulsar.apache.org
Apache License 2.0
73 stars 25 forks source link

ISSUE-13766: Pulsar 2.9 topic produced through REST not support Authorization #3571

Open sijie opened 2 years ago

sijie commented 2 years ago

Original Issue: apache/pulsar#13766

Describe the bug Since Pulsar 2.9.1, user can produce the message through the Rest API . After activated the authentication and authorization mechanism(JWT) in the broker.conf. The system will show the message

{ "reason": "Unauthorized to produce to topic persistent://bi/a/tls with clientAppId [bi] and authdata org.apache.pulsar.broker.authentication.AuthenticationDataHttps@a69bf62" }

To Reproduce Steps to reproduce the behavior:

  1. Activate the security in Pulsar with JWT and assign the role in the tenant

  2. Create the topic through the Pulsar manager under the tenant

  3. Use Postman to POST the message(Use Bearer Token)

  4. See error image image

  5. The same token value use the JAVA client and node client could successfully produce the message

  6. Using the same token and using CLI mode to produce a message The client.conf image Producing Results image

Expected behavior The token we provided in the postman not only do the authentication but authorization in Pulsar .

Screenshots

thomaeschen commented 2 years ago

The following screenshots are using the same token in the postman to produce the message through CLI mode client.conf image produce message image

github-actions[bot] commented 2 years ago

The issue had no activity for 30 days, mark with Stale label.