[PIP-55][Doc]--Update security overview #7302
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e broker config file by Jia.
Contributor
Author
|
@jiazhai , please help review the document. |
Contributor
Author
|
once the doc is approved, it will be added to the release 2.6.0. |
Jennifer88huang-zz
added
doc
Contributor
Jennifer88huang-zz
left a comment
Jennifer88huang-zz
left a comment
There was a problem hiding this comment.
Good job from technical writing perspective.
site2/docs/security-overview.md
Outdated
|
|
||
| Pulsar supports a pluggable authentication mechanism. And Pulsar clients use this mechanism to authenticate with brokers and proxies. You can also configure Pulsar to support multiple authentication sources. | ||
|
|
||
| The Pulsar broker validates the authentication credentials when a connection is established. After the initial connection is authenticated, the "principal" token is stored for authorization though the connection is not re-authenticated. The broker periodically checks the expiration status of every `ServerCnx` object. You can set the `authenticationRefreshCheckSeconds` on the broker to control the frequency to check the expiration status. By default, the `authenticationRefreshCheckSeconds` is set to 60s. When the authentication is expired, the broker forces to re-authenticate the connection. If the re-authentication fails, the broker disconnects the client . |
Contributor
There was a problem hiding this comment.
remove the redundant space before the last period.
|
|
||
| The broker knows whether a particular client supports authentication refreshing. If a client supports authentication refreshing and the credential is expired, the authentication provider calls the `refreshAuthentication` method to initiate the refreshing process. If a client does not support authentication refreshing and the credential is expired, the broker disconnects the client. | ||
|
|
||
| You had better secure the service components in your Apache Pulsar deployment. |
Contributor
There was a problem hiding this comment.
"knows" is not a good verb here, we can use another verb to avoid attributing human qualities to software or hardware.
For details, refer to attribute human qualities to software or hardware
jiazhai
approved these changes
Jun 27, 2020
wolfstudy
pushed a commit
that referenced
this pull request
Jul 29, 2020
This PR is to update docs for PIP-55: #6074 ### Motivation provide general doc description about implementing the authentication refreshing functionality. ### Modifications Update the Security overview for PIP 55. the `authenticationRefreshCheckSeconds` config has been added through the PR: #6074 (cherry picked from commit 29b81ed)
huangdx0726
pushed a commit
to huangdx0726/pulsar
that referenced
this pull request
Aug 24, 2020
This PR is to update docs for PIP-55: apache#6074 ### Motivation provide general doc description about implementing the authentication refreshing functionality. ### Modifications Update the Security overview for PIP 55. the `authenticationRefreshCheckSeconds` config has been added through the PR: apache#6074
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is to update docs for PIP-55: #6074
Motivation
provide general doc description about implementing the authentication refreshing functionality.
Modifications
Update the Security overview for PIP 55.
the
authenticationRefreshCheckSecondsconfig has been added through the PR: #6074