[Doc] Update security-jwt.md to make client authentication

[sakurafly123]

What issue do you find in Pulsar docs?

when client authentication using tokens based on JSON web Tokens, my client will throw following exceptions.

Exception in thread "main" org.apache.pulsar.client.api.PulsarClientException$AuthenticationException: Unable to authenticate
at org.apache.pulsar.client.api.PulsarClientException.unwrap(PulsarClientException.java:920)
at org.apache.pulsar.client.impl.ProducerBuilderImpl.create(ProducerBuilderImpl.java:94)
at PulsarProducerTest.main(PulsarProducerTest.java:30)
some modified propertiey in my standalone.conf

• authenticationEnabled=true
• authorizationEnabled=true
• authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
• brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
• brokerClientAuthenticationParameters={"token":"xxx"}
• tokenSecretKey=file:///path/to/secret.key

What is your suggestion?

we need to add a property named superUserRoles into broker.conf or standalone.conf and the value of superUserRoles is the role that we use to create token;

Do you have any references?

https://github.com/apache/pulsar/blob/master/site2/docs/security-jwt.md

Would you like to fix this issue?

yes

Note

• I have researched my question.

[Jason918]

Could you please update the issue with a proper title?

[RobertIndie]

Did you follow the step to grant your role permission? https://pulsar.apache.org/docs/en/security-jwt/#authorization

[sakurafly123]

Did you follow the step to grant your role permission? https://pulsar.apache.org/docs/en/security-jwt/#authorization

yes, when i want to produce some mesaage into pulsar, the role that we use to create token needs to to be given permission to produce. so we need to execute the following statement;
$ bin/pulsar-admin namespaces grant-permission my-tenant/my-namespace \ --role test-user \ --actions produce,consume
but there will throw a exception that

WARN org.apache.pulsar.client.admin.internal.BaseResource - [http://localhost:8080/admin/v2/namespaces/my-tenant/my-namespace/permissions/test-user] Failed to perform http post request: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
HTTP 401 Unauthorized
Reason: HTTP 401 Unauthorized

[sakurafly123]

So，the way to solve this problem is seting the role that we use to create token into the value of superRoles in broker.conf or standalone.conf

[github-actions]

The issue had no activity for 30 days, mark with Stale label.

[github-actions]

The issue had no activity for 30 days, mark with Stale label.