[improve][doc] Add more configuration methods for basic authentication

Signed-off-by: Zixuan Liu <nodeces@gmail.com>
apache · Aug 5, 2022 · bae686e · bae686e
1 parent d32e1df
commit bae686e
Showing 1 changed file with 35 additions and 19 deletions.
diff --git a/site2/docs/security-basic-auth.md b/site2/docs/security-basic-auth.md
@@ -55,37 +55,49 @@ superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/
 
 ## Enable basic authentication on brokers
 
-To configure brokers to authenticate clients, complete the following steps.
+To configure brokers to authenticate clients, add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file:
 
-1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.
-
-   ```
-   # Configuration to enable Basic authentication
-   authenticationEnabled=true
-   authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+```
+# Configuration to enable Basic authentication
+authenticationEnabled=true
+authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
+
+basicAuthConf=file:///path/to/.htpasswd
+# basicAuthConf=/path/to/.htpasswd
+# When use the base64 format, you need to encode the .htpaswd content to bas64
+# basicAuthConf=data:;base64,YOUR-BASE64
+# basicAuthConf=YOUR-BASE64
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
+brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+
+# If this flag is set then the broker authenticates the original Auth data
+# else it just accepts the originalPrincipal and authorizes it (if required).
+authenticateOriginalAuthData=true
+```
 
-   # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
-   brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
-   brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
+:::note
 
-   # If this flag is set then the broker authenticates the original Auth data
-   # else it just accepts the originalPrincipal and authorizes it (if required).
-   authenticateOriginalAuthData=true
-   ```
+You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
 
-2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+:::
 
 ## Enable basic authentication on proxies
 
-To configure proxies to authenticate clients, complete the following steps.
-
-1. Add the following parameters to the `conf/proxy.conf` file:
+To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file:
 
    ```
    # For clients connecting to the proxy
    authenticationEnabled=true
    authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
 
+   basicAuthConf=file:///path/to/.htpasswd
+   # basicAuthConf=/path/to/.htpasswd
+   # When use the base64 format, you need to encode the .htpaswd content to bas64
+   # basicAuthConf=data:;base64,YOUR-BASE64
+   # basicAuthConf=YOUR-BASE64
+
    # For the proxy to connect to brokers
    brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
    brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
@@ -95,7 +107,11 @@ To configure proxies to authenticate clients, complete the following steps.
    forwardAuthorizationCredentials=true
    ```
 
-2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+   :::note
+
+   You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
+
+   :::
 
 ## Configure basic authentication in CLI tools