[fix][broker] Call originalAuthState.authenticate in ServerCnx

michaeljmarshall · michaeljmarshall · commit 6b1182c65b23 · 2023-02-22T23:47:09.000-06:00
This change was introduced by apache#19295. That PR had more changes than are worth cherry-picking, though, so this commit only has the additional call to authenticate the original auth data. As a result, this commit is slightly less efficient because in some implementations, the authdata will be validated twice. (cherry picked from commit f9727ca) (cherry picked from commit 1935f07) (cherry picked from commit 870bf04)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
@@ -818,10 +818,12 @@ protected void handleConnect(CommandConnect connect) {
                                     + " using auth method [%s] is not available", originalAuthMethod));
                 }
 
+                AuthData originalAuthDataCopy =  AuthData.of(connect.getOriginalAuthData().getBytes());
                 originalAuthState = originalAuthenticationProvider.newAuthState(
-                        AuthData.of(connect.getOriginalAuthData().getBytes()),
+                        originalAuthDataCopy,
                         remoteAddress,
                         sslSession);
+                originalAuthState.authenticate(originalAuthDataCopy);
                 originalAuthData = originalAuthState.getAuthDataSource();
                 originalPrincipal = originalAuthState.getAuthRole();
 
