[fix][broker] Fix incorrect AuthData passed to AuthorizationService in proxy scenarios

[codelipenghui]

Summary

Fixes an issue introduced by PR #24533 where incorrect AuthData was being passed to the AuthorizationService in proxy scenarios.

Problem

PR #24533 changed the ServerCnx.isTopicOperationAllowed() method to call:

// INCORRECT - only passes originalAuthDataSource, loses authDataSource
service.getAuthorizationService().allowTopicOperationAsync(
    topicName, operation, originalPrincipal, authRole,
    originalAuthDataSource \!= null ? originalAuthDataSource : authDataSource);

https://github.com/apache/pulsar/pull/24533/files#diff-1e0e8195fb5ec5a6d79acbc7d859c025a9b711f94e6ab37c94439e99b3202e84R480-R483

This might breaks proxy authorization scenarios for some customized implementation of AuthorizationProvider where both the proxy's auth data (authDataSource) and the original client's auth data (originalAuthDataSource) need to be validated separately.

Root Cause

The old 5-parameter method signature was limiting and caused incorrect authorization decisions in proxy scenarios. The fix uses the new 6-parameter method that properly separates the two auth data sources.

Solution

AuthorizationService Changes

• Added new 6-parameter allowTopicOperationAsync method that takes both originalAuthData and authData separately
• Enhanced proxy authorization logic to validate both proxy and original client permissions when isProxyRole(role) is true
• Maintains backward compatibility with existing authorization flows

ServerCnx Changes

• Updated method call to use new 6-parameter signature:

  // CORRECT - passes both auth data sources separately
  service.getAuthorizationService().allowTopicOperationAsync(
      topicName, operation, originalPrincipal, authRole,
      originalAuthDataSource, authDataSource);

• Fixed log message from "Role X and OriginalRole Y" to "Role X or OriginalRole Y" for accuracy

Test Updates

• Updated test mocks and verification calls to match new 6-parameter method signature
• All existing authorization test scenarios continue to pass

Impact

Before (Broken):

• Proxy scenarios could fail authorization incorrectly
• Only one auth data source was being considered
• Potential security implications where valid proxy+client combinations were denied

After (Fixed):

• Proper dual validation of both proxy and original client auth data
• Correct authorization decisions in all proxy scenarios
• Enhanced security through proper separation of concerns

Test Results

✅ All 109 tests in ServerCnxTest pass
✅ Authorization logic works correctly for:

• Direct client connections
• Proxy connections with original client auth data
• Mixed proxy scenarios

References

• Fixes issues introduced by PR [fix][ws] Fix WebSocket authorization issue due to originalPrincipal must be provided #24533
• Related to proxy authorization and multi-tenant auth scenarios

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

[codelipenghui]

/pulsarbot run-failure-checks

[codecov-commenter]

Codecov Report

❌ Patch coverage is 78.57143% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.31%. Comparing base (bbc6224) to head (e1fe4fe).
⚠️ Report is 1250 commits behind head on master.

Files with missing lines	Patch %	Lines
...sar/broker/authorization/AuthorizationService.java	75.00%	1 Missing and 1 partial ⚠️
...pulsar/broker/admin/impl/PersistentTopicsBase.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #24593      +/-   ##
============================================
+ Coverage     73.57%   74.31%   +0.74%     
- Complexity    32624    32676      +52     
============================================
  Files          1877     1880       +3     
  Lines        139502   146430    +6928     
  Branches      15299    16788    +1489     
============================================
+ Hits         102638   108822    +6184     
- Misses        28908    28965      +57     
- Partials       7956     8643     +687     

Flag	Coverage Δ
inttests	26.70% <7.14%> (+2.12%)	⬆️
systests	23.32% <7.14%> (-1.00%)	⬇️
unittests	73.81% <78.57%> (+0.97%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...g/apache/pulsar/broker/lookup/TopicLookupBase.java	70.00% <100.00%> (+2.58%)	⬆️
...va/org/apache/pulsar/broker/service/ServerCnx.java	72.50% <100.00%> (+0.36%)	⬆️
...rg/apache/pulsar/broker/web/PulsarWebResource.java	65.51% <100.00%> (+1.47%)	⬆️
...pulsar/broker/admin/impl/PersistentTopicsBase.java	69.99% <0.00%> (+4.54%)	⬆️
...sar/broker/authorization/AuthorizationService.java	53.95% <75.00%> (-4.26%)	⬇️

... and 1108 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.