This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • KIP-111: Kafka should preserve the Principal generated by the PrincipalBuilder while processing the request received on socket channel, on the broker.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Status

Current state: Under DiscussionClosed (Covered by KIP-189)

Discussion thread: (Original Archive) (Markmail)

...

This KIP introduces a change to Session class to accept a parameter of Java Principal type  instead of KafkaPrincipal type.

This change will not affect the default ACL Authorizer (SimpleAclAuthorizer) as we would generate a KafkaPrincipal from the Java Principal in the default Authorizer.

Proposed Changes

  • Change the Session class to accept a parameter of type Java Principal instead of KafkaPrincipal.

    Code Block
    languagejava
    themeMidnight
    case class Session(principal: Principal, clientAddress: InetAddress)
  • The Authorizer can access this principal object as follows :

    Code Block
    languagejava
    themeMidnight
    public boolean authorize(RequestChannel.Session session, Operation operation, Resource resource) {
    ...
     Principal principal = session.principal();
     User_Defined_Principal principal = (User_Defined_Principal) principal;  
    ...
    }
  • User_Defined_Principal is the Principal generated by the PrincipalBuilder and it implements Java Principal.

...