Pulsar Token authentication

2025-02-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

First, an overview of Token authentication

Pulsar supports authenticating clients with security tokens based on JSON Web Tokens (RFC 7519).

A token identifies a Pulsar client and associates it with a role, and the role is then granted permission to perform certain actions (such as publishing to or consuming from a topic).

The administrator usually gives the client a token string to use when connecting.

JWT supports two different kinds of keys for generating and validating tokens:

1 Symmetric key

A single secret key is used both to generate and to validate tokens.

2 Asymmetric keys, a key pair consisting of a private key and a public key

The private key is used to generate the token.

The public key is used to validate the token.

Second, verification: start with the super administrator token

The following walkthrough uses a symmetric key (Pulsar version 2.4.2).

1 Create the key

$ bin/pulsar tokens create-secret-key --output my-secret.key

Generate a base64-encoded secret key

$ bin/pulsar tokens create-secret-key --output /data/apache-pulsar-2.4.2/my-secret.key --base64

2 Generate a token (note: generate the token for the superUserRoles role first)

Tokens are credentials associated with the user, and the association is done through roles.

The following command generates a token for the test-user role

$ bin/pulsar tokens create --secret-key file:///data/apache-pulsar-2.4.2/my-secret.key \
    --subject test-user

After executing this command, the token for the role is printed to the screen. Record it; it is used later in the client configuration.

Suppose the generated token is: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw

3 Enable token authentication on the Broker

Configure broker.conf

authenticationEnabled=true
authorizationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
tokenSecretKey=file:///data/apache-pulsar-2.4.2/my-secret.key
# Superuser roles, which have the highest permissions; separate multiple roles with commas
superUserRoles=test-user
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerClientAuthenticationParameters=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw

4 After the Broker is restarted, Token authentication is active on the Broker service

Executing the pulsar-admin tenants list command now reports that you have no permission.

5 Configure client.conf so that the command-line tools have permission

authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
# The token configured here is the super administrator token generated above
authParams=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw

6 After the Broker is restarted, the command-line tools can be used normally

7 Java client authentication

PulsarClient client = PulsarClient.builder()
        .serviceUrl("pulsar://192.168.1.48:6650/")
        // Authenticate with the super administrator token generated above
        .authentication(AuthenticationFactory.token("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw"))
        .build();

Third, generate an ordinary user token for the client to use

1 Generate a token for a new role (test-user1)

$ bin/pulsar tokens create --secret-key file:///data/apache-pulsar-2.4.2/my-secret.key \
    --subject test-user1

Suppose the generated token is: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIxIn0.HHpjQYfqqdUSN_iAw79qjsPqHyPFvscvGUANvjQNEOo

2 Authorization

$ bin/pulsar-admin namespaces grant-permission my-tenant/my-namespace \
    --role test-user1 \
    --actions produce,consume

3 Java client verification. Being able to send or receive messages indicates success.

PulsarClient client = PulsarClient.builder()
        .serviceUrl("pulsar://192.168.1.48:6650/")
        // Authenticate with the test-user1 token, which was granted produce and consume
        .authentication(AuthenticationFactory.token("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIxIn0.HHpjQYfqqdUSN_iAw79qjsPqHyPFvscvGUANvjQNEOo"))
        .build();
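The tokens produced in this walkthrough are signed but not encrypted, so anyone holding one can read its contents. The Python sketch below is an added example, not code from the original article or from Pulsar: it audits the two tokens shown above and demonstrates HS256 verification with a constructed key, since the article's real key is not on the page. The function names, DEMO_KEY and the finding strings are hypothetical.

```python
import base64, hashlib, hmac, json

# Tokens printed in the article (header and claims are only base64url, not encrypted).
PAGE_TOKENS = [
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw",
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIxIn0.HHpjQYfqqdUSN_iAw79qjsPqHyPFvscvGUANvjQNEOo",
]
DEMO_KEY = b"constructed-demo-key"  # constructed; the article's real key is not on the page

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    # Mint a token shaped like the article's: {"alg":"HS256"} header plus claims.
    parts = [b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": "HS256"}, claims)]
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify_hs256(token, key):
    parts = token.split(".")
    if len(parts) != 3 or json.loads(b64url_decode(parts[0])).get("alg") != "HS256":
        return False  # pin the algorithm; never let the token choose it
    mac = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(mac, b64url_decode(parts[2]))

def audit_token(token, super_user_roles):
    # Decode without the key, as anyone who obtains the token string can.
    head, body, _sig = token.split(".")
    header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
    findings = []
    if "exp" not in claims:
        findings.append("no exp claim: token never expires")
    if claims.get("sub") in super_user_roles:
        findings.append("subject is a superuser role")
    return {"alg": header.get("alg"), "sub": claims.get("sub"), "findings": findings}

if __name__ == "__main__":
    for tok in PAGE_TOKENS:
        print(audit_token(tok, {"test-user"}))  # superUserRoles from the article's broker.conf
    minted = sign_hs256({"sub": "test-user1"}, DEMO_KEY)
    print(verify_hs256(minted, DEMO_KEY), verify_hs256(minted, b"another-key"))
```

Because the key is symmetric, any host that can read my-secret.key can mint a token for any role, including the superuser role, so the file needs the same protection as the superuser token itself. The `pulsar tokens create` command also accepts `--expiry-time` to add an exp claim.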
