As the central message bus for a business, Apache Pulsar is frequently used for storing mission-critical data. Therefore, enabling security features in Pulsar is crucial.

By default, Pulsar configures no encryption, authentication, or authorization. Any client can communicate with Apache Pulsar through the plaintext service URLs. You must therefore ensure that only trusted clients can reach Pulsar through those plaintext service URLs. In that case, you can use network segmentation and ACL authorization to restrict access to trusted IP addresses. If neither is enabled, the cluster is completely open and anyone can access it.

Pulsar supports a pluggable authentication mechanism. Pulsar clients use this mechanism to authenticate with brokers and proxies. You can also configure Pulsar to support multiple authentication methods at the same time.

The Pulsar broker validates the authentication credentials when a connection is established. After the initial connection is authenticated, the "principal" (role) token is stored for authorization and the connection is not re-authenticated on every request. Instead, the broker periodically checks the expiration status of every ServerCnx object. You can set authenticationRefreshCheckSeconds on the broker to control how often the expiration status is checked; by default, authenticationRefreshCheckSeconds is set to 60s. When the authentication has expired, the broker forces the client to re-authenticate the connection. If the re-authentication fails, the broker disconnects the client.

The broker can detect whether a particular client supports authentication refreshing. If a client supports authentication refreshing and the credential has expired, the authentication provider calls the refreshAuthentication method to initiate the refresh. If a client does not support authentication refreshing and the credential has expired, the broker disconnects the client.
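The following model of the periodic check described above is an added example, not Pulsar's own code: the `ServerCnx`/`Broker` classes, the constructed expiry times and the refreshed credential lifetime are assumptions made to illustrate when an expired connection is refreshed versus disconnected.

```python
from dataclasses import dataclass, field

@dataclass
class ServerCnx:
    """Model of one authenticated broker connection (hypothetical, not Pulsar's class)."""
    role: str
    expires_at: float              # when the presented credential expires (seconds)
    supports_refresh: bool         # client advertised support for auth refresh
    refresh_succeeds: bool = True  # constructed outcome of re-authentication
    connected: bool = True

@dataclass
class Broker:
    check_interval: float = 60.0   # authenticationRefreshCheckSeconds (default 60s)
    connections: list = field(default_factory=list)

    def check_expirations(self, now: float) -> list:
        """One run of the periodic check: refresh or disconnect expired connections."""
        actions = []
        for cnx in self.connections:
            if not cnx.connected or now < cnx.expires_at:
                continue  # still valid; an expiry is only noticed at the next tick
            if not cnx.supports_refresh:
                cnx.connected = False
                actions.append((cnx.role, "disconnect: client cannot refresh"))
            elif cnx.refresh_succeeds:
                cnx.expires_at = now + 3600  # new credential (constructed lifetime)
                actions.append((cnx.role, "refreshed"))
            else:
                cnx.connected = False
                actions.append((cnx.role, "disconnect: re-authentication failed"))
        return actions

def run(broker: Broker, until: float) -> list:
    """Run the periodic check at every tick up to `until`; return (time, role, action)."""
    log = []
    t = broker.check_interval
    while t <= until:
        for role, action in broker.check_expirations(t):
            log.append((t, role, action))
        t += broker.check_interval
    return log

if __name__ == "__main__":
    # Constructed: three clients whose credentials all expire one second after the first tick.
    b = Broker(connections=[ServerCnx("app1", 61, True),
                            ServerCnx("app2", 61, False),
                            ServerCnx("app3", 61, True, refresh_succeeds=False)])
    for entry in run(b, 240):
        print(entry)
```

Because expiry is only detected on the timer, a credential that expires just after a tick stays usable until the next one, so authenticationRefreshCheckSeconds bounds how long an expired credential is honoured.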

You should enable security for the components of your Apache Pulsar production deployment.

Role tokens

In Pulsar, a role is a string, like admin or app1, which can represent a single client or multiple clients. You can use these roles to control clients' permission to produce to or consume from specific topics, to administer tenant configuration, and so on.

Apache Pulsar uses an Authentication Provider to establish the identity of a client and then assign a role token to that client. This role token is used for authorization and ACLs to determine what the client is authorized to do.

Authentication providers

Currently, Pulsar supports the following authentication providers: