kafka-jira mailing list archives

From "Rajini Sivaram (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KAFKA-6532) Delegation token internals should not impact public interfaces
Date Mon, 05 Feb 2018 11:11:01 GMT
Rajini Sivaram created KAFKA-6532:

             Summary: Delegation token internals should not impact public interfaces
                 Key: KAFKA-6532
                 URL: https://issues.apache.org/jira/browse/KAFKA-6532
             Project: Kafka
          Issue Type: Bug
          Components: core
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram

We need to make sure that code related to the internal delegation tokens implementation doesn't
have any impact on public interfaces, including customizable callback handlers from KIP-86.
 # KafkaPrincipal has a public _tokenAuthenticated()_ method. Principal builders are configurable
and we now expect custom principal builders to set this value. Since we allow the same endpoint
to be used for basic SCRAM and delegation tokens, the configured principal builder needs a
way of detecting token authentication. The default principal builder does this using internal
SCRAM implementation code. It would be better if configurable principal builders didn't have
to set this flag at all.
 # It would be better to replace _o.a.k.c.security.scram.DelegationTokenAuthenticationCallback_
with a more generic _ScramExtensionsCallback_. This will allow us to add more extensions in
the future and it will also enable custom SCRAM extensions.
 # _ScramCredentialCallback_ was extended to add _tokenOwner_ and mechanism. The mechanism is
determined during the SASL handshake and shouldn't be configurable in a callback handler. _ScramCredentialCallback_
is being made a public interface in KIP-86 with configurable callback handlers. Since the delegation
token implementation is internal and not extensible, _tokenOwner_ should be in a delegation-token-specific

This message was sent by Atlassian JIRA