feat(ZOOKEEPER-3824): allow SASL allowlist expansion during reconfig

Asmoday · Asmoday · commit 8f670defa9b7 · 2025-12-22T21:29:34.000+03:00
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
@@ -164,20 +164,12 @@ private void handleAuthorizeCallback(AuthorizeCallback ac) {
         if (!isDigestAuthn && authzFlag) {
             String[] components = authorizationID.split("[/@]");
             if (components.length == 3) {
-                // authorizationID looks like: zookeeper/<host>@REALM
-                String host = components[1].toLowerCase(Locale.ROOT);
-                authzFlag = authzHostsRef.get().contains(host);
+                authzFlag = authzHostsRef.get().contains(components[1]);
             } else {
                 authzFlag = false;
             }
             if (!authzFlag) {
-                //LOG.error("SASL authorization completed, {} is not authorized to connect", authorizationID);
-                Set<String> cur = authzHostsRef.get();
-                LOG.error("SASL authorization completed, {} is not authorized to connect. principalHost={}, allowlistSize={}, allowlistSample={}",
-                                          authorizationID,
-                                          (components.length == 3 ? components[1] : "bad-principal"),
-                                          cur.size(),
-                                          cur.stream().limit(10).collect(Collectors.toList()));
+                LOG.error("SASL authorization completed, {} is not authorized to connect", authorizationID);
             }
         }
 
