[feat] PIP-468: V5 Authentication adapter bridges authData()#25685
Merged
merlimat merged 1 commit intoapache:masterfrom May 6, 2026
Merged
[feat] PIP-468: V5 Authentication adapter bridges authData()#25685merlimat merged 1 commit intoapache:masterfrom
merlimat merged 1 commit intoapache:masterfrom
Conversation
Replace the TODO stub on V5AuthWrapper.authData() that returned null with a proper bridge to v4's AuthenticationDataProvider. The two interfaces (V5 AuthenticationData / v4 AuthenticationDataProvider) are aligned method-for-method, so the new V5AuthDataWrapper is a 1:1 delegation across HTTP headers, TLS certificates / private keys, and binary-protocol command data. Without this fix, any V5 caller that asks the wrapped Authentication for credentials (e.g. integrations that bridge V5 auth into another transport, or future V5 client-side code that exercises the SPI directly) silently gets null and either crashes or — worse — sends an unauthenticated request. Also wires the authData(brokerHostName) overload, which was previously inheriting the default that delegates to authData() and would have leaked the same null. AuthenticationAdapterTest verifies the round trip via AuthenticationFactory .token(...): the wrapped v4 token shows up on the V5 side via hasDataFromCommand() / getCommandData(), and the per-host overload delegates correctly.
lhotari
approved these changes
May 5, 2026
merlimat
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replace the TODO stub on
V5AuthWrapper.authData()that returnednullwith a proper bridge to v4'sAuthenticationDataProvider. The two interfaces (V5AuthenticationData/ v4AuthenticationDataProvider) are aligned method-for-method, so the newV5AuthDataWrapperis a 1:1 delegation across HTTP headers, TLS certificates / private keys, and binary-protocol command data.Without this fix, any V5 caller that asks the wrapped
Authenticationfor credentials silently getsnulland either crashes or — worse — sends an unauthenticated request.Also wires the
authData(brokerHostName)overload, which was previously inheriting the default that delegates toauthData()and would have leaked the samenull.Test plan
AuthenticationAdapterTest(3 unit tests) — token credential round-trips throughauthData(); per-host overload delegates; method name passes through.pulsar-client-v5checkstyle clean.