kafka-jira mailing list archives

From "Manikumar (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KAFKA-4454) Authorizer should also include the Principal generated by the PrincipalBuilder.
Date Fri, 15 Sep 2017 10:49:00 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manikumar resolved KAFKA-4454.
------------------------------
    Resolution: Fixed

This is covered in KIP-189/KAFKA-5783

> Authorizer should also include the Principal generated by the PrincipalBuilder.
> -------------------------------------------------------------------------------
>
>                 Key: KAFKA-4454
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4454
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.0.1
>            Reporter: Mayuresh Gharat
>            Assignee: Mayuresh Gharat
>
> Currently Kafka allows users to plug in a custom PrincipalBuilder and a custom Authorizer.
> The Authorizer.authorize() object takes in a Session object that wraps KafkaPrincipal and InetAddress.
> The KafkaPrincipal currently has a PrincipalType and Principal name, which is the name of Principal generated by the PrincipalBuilder.
> This Principal, generated by the plugged-in PrincipalBuilder, might have other fields that might be required by the plugged-in Authorizer, but currently we lose this information since we only extract the name of Principal while creating KafkaPrincipal in SocketServer.
> It would be great if KafkaPrincipal has an additional field "channelPrincipal" which is used to store the Principal generated by the plugged-in PrincipalBuilder.
> The plugged-in Authorizer can then use this "channelPrincipal" to do authorization.
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
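
The information loss described in the issue, as an added example that is not part of the original message or Kafka's code: a simplified Java 17 model in which `GroupPrincipal`, `ModelKafkaPrincipal` and the group-based `authorize()` are hypothetical stand-ins. It shows what a custom authorizer can decide when only the name is kept versus when the builder's principal is carried along as `channelPrincipal`.

```java
import java.security.Principal;
import java.util.Set;

// Simplified model of the flow in KAFKA-4454; these are NOT Kafka's classes.
public class ChannelPrincipalDemo {

    // What a custom PrincipalBuilder might return: a name plus extra attributes.
    record GroupPrincipal(String name, Set<String> groups) implements Principal {
        @Override public String getName() { return name; }
    }

    // Stand-in for KafkaPrincipal. channelPrincipal is the field the issue proposes;
    // null models the behaviour the issue describes (only the name is extracted).
    record ModelKafkaPrincipal(String principalType, String name, Principal channelPrincipal) {
        static ModelKafkaPrincipal nameOnly(Principal p) {
            return new ModelKafkaPrincipal("User", p.getName(), null);
        }
        static ModelKafkaPrincipal withChannel(Principal p) {
            return new ModelKafkaPrincipal("User", p.getName(), p);
        }
    }

    // Hypothetical group-based authorizer: allow only members of requiredGroup.
    // Fails closed when the group information did not survive the conversion.
    static boolean authorize(ModelKafkaPrincipal kp, String requiredGroup) {
        if (kp.channelPrincipal() instanceof GroupPrincipal gp) {
            return gp.groups().contains(requiredGroup);
        }
        return false; // attributes lost: deny rather than guess from the name
    }

    public static void main(String[] args) {
        // Constructed sample principal, as a custom builder might produce it.
        Principal built = new GroupPrincipal("alice", Set.of("payments-writers"));

        ModelKafkaPrincipal lossy = ModelKafkaPrincipal.nameOnly(built);
        ModelKafkaPrincipal kept = ModelKafkaPrincipal.withChannel(built);

        System.out.println("name only        -> " + authorize(lossy, "payments-writers"));
        System.out.println("channelPrincipal -> " + authorize(kept, "payments-writers"));
        System.out.println("wrong group      -> " + authorize(kept, "admins"));
    }
}
```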
