use originalAuthMethod on originalAuthChecker (apache#6870)

Fixes apache#6873 Use originalAuthMethod on originalAuthProvider check.
Huanli-Meng · May 27, 2020 · 7784ebc · 7784ebc
1 parent 701fbcb
commit 7784ebc
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -655,9 +655,23 @@ protected void handleConnect(CommandConnect connect) {
             //  2. we require to validate the original credentials
             //  3. no credentials were passed
             if (connect.hasOriginalPrincipal() && service.getPulsar().getConfig().isAuthenticateOriginalAuthData()) {
+                // init authentication
+                String originalAuthMethod;
+                if (connect.hasOriginalAuthMethod()) {
+                    originalAuthMethod = connect.getOriginalAuthMethod();
+                } else {
+                    originalAuthMethod = "none";
+                }
+
                 AuthenticationProvider originalAuthenticationProvider = getBrokerService()
                         .getAuthenticationService()
-                        .getAuthenticationProvider(authMethod);
+                        .getAuthenticationProvider(originalAuthMethod);
+
+                if (originalAuthenticationProvider == null) {
+                    throw new AuthenticationException(String.format("Can't find AuthenticationProvider for original role" +
+                            " using auth method [%s] is not available", originalAuthMethod));
+                }
+
                 originalAuthState = originalAuthenticationProvider.newAuthState(
                         AuthData.of(connect.getOriginalAuthData().getBytes()),
                         remoteAddress,