Repository: kafka Updated Branches: refs/heads/0.9.0 a2bc9501d -> fe855f982
trivial fix to 0.9.0 docs Project: http://git-wip-us.apache.org/repos/asf/kafka/repo Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/fe855f98 Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/fe855f98 Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/fe855f98 Branch: refs/heads/0.9.0 Commit: fe855f98263cb7b8095288c22c96763e1de727e7 Parents: a2bc950 Author: Jun Rao <[email protected]> Authored: Tue Nov 17 19:00:30 2015 -0800 Committer: Jun Rao <[email protected]> Committed: Tue Nov 17 19:00:30 2015 -0800 ---------------------------------------------------------------------- core/src/main/scala/kafka/admin/AclCommand.scala | 2 +- docs/security.html | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kafka/blob/fe855f98/core/src/main/scala/kafka/admin/AclCommand.scala ---------------------------------------------------------------------- diff --git a/core/src/main/scala/kafka/admin/AclCommand.scala b/core/src/main/scala/kafka/admin/AclCommand.scala index 1eb9a40..6ec0cf8 100644 --- a/core/src/main/scala/kafka/admin/AclCommand.scala +++ b/core/src/main/scala/kafka/admin/AclCommand.scala @@ -76,7 +76,7 @@ object AclCommand { val resourceToAcl = getResourceToAcls(opts) if (resourceToAcl.values.exists(_.isEmpty)) - CommandLineUtils.printUsageAndDie(opts.parser, "You must specify one of: --allow-principals, --deny-principals when trying to add acls.") + CommandLineUtils.printUsageAndDie(opts.parser, "You must specify one of: --allow-principal, --deny-principal when trying to add acls.") for ((resource, acls) <- resourceToAcl) { val acls = resourceToAcl(resource) http://git-wip-us.apache.org/repos/asf/kafka/blob/fe855f98/docs/security.html ---------------------------------------------------------------------- diff --git a/docs/security.html b/docs/security.html index da9c3c6..eb5dadb 100644 --- a/docs/security.html 
+++ b/docs/security.html @@ -1,4 +1,4 @@ - +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. @@ -266,7 +266,7 @@ Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementat One can also add super users in broker.properties like the following. <pre>super.users=User:Bob;User:Alice</pre> By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown". One can change that by setting a customized PrincipalBuilder in broker.properties like the following. -<pre>principal.builder.classs=CustomizedPrincipalBuilderClass</pre> +<pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre> By default, the SASL user name will be the primary part of the Kerberos principal. One can change that by setting <code>sasl.kerberos.principal.to.local.rules</code> to a customized rule in broker.properties. <h4><a id="security_authz_cli" href="#security_authz_cli">Command Line Interface</a></h4> Kafka Authorization management CLI can be found under bin directory with all the other CLIs. The CLI script is called <b>kafka-acls.sh</b>. Following lists all the options that the script supports: 
@@ -340,14 +340,14 @@ Kafka Authorization management CLI can be found under bin directory with all the </tr> <tr> <td>--allow-host</td> - <td>Host from which principals listed in --allow-principals will have access.</td> - <td> if --allow-principals is specified defaults to * which translates to "all hosts"</td> + <td>Host from which principals listed in --allow-principal will have access.</td> + <td> if --allow-principal is specified defaults to * which translates to "all hosts"</td> <td>Host</td> </tr> <tr> <td>--deny-host</td> - <td>Host from which principals listed in --deny-principals will be denied access.</td> - <td>if --deny-principals is specified defaults to * which translates to "all hosts"</td> + <td>Host from which principals listed in --deny-principal will be denied access.</td> + <td>if --deny-principal is specified defaults to * which translates to "all hosts"</td> <td>Host</td> </tr> <tr> 
@@ -378,7 +378,7 @@ Kafka Authorization management CLI can be found under bin directory with all the Suppose you want to add an acl "Principals User:Bob and User:Alice are allowed to perform Operation Read and Write on Topic Test-Topic from Host1 and Host2". You can do that by executing the CLI with following options: <pre>bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host Host1 --allow-host Host2 --operation Read --operation Write --topic Test-topic</pre> By default all principals that don't have an explicit acl that allows access for an operation to a resource are denied. In rare cases where an allow acl is defined that allows access to all but some principal we will have to use the --deny-principal and --deny-host option. For example, if we want to allow all users to Read from Test-topic but only deny User:BadBob from host bad-host we can do so using following commands: - <pre>bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-hosts * --deny-principal User:BadBob --deny-host bad-host --operation Read--topic Test-topic</pre> + <pre>bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-host * --deny-principal User:BadBob --deny-host bad-host --operation Read --topic Test-topic</pre> Above examples add acls to a topic by specifying --topic [topic-name] as the resource option. Similarly user can add acls to cluster by specifying --cluster and to a consumer group by specifying --consumer-group [group-name].</li> <li><b>Removing Acls</b><br>
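Review bot: in core/src/main/scala/kafka/admin/AclCommand.scala (hunk @@ -76,7), the usage string passed to printUsageAndDie still spells the option names out by hand, which is how it came to say --allow-principals and --deny-principals while the documented flags are singular. Consider building the message from the parser's own option definitions so it cannot drift from the accepted flags again. In the unchanged context just below, `val acls = resourceToAcl(resource)` rebinds the `acls` already bound by `for ((resource, acls) <- resourceToAcl)`, so one of the two bindings is redundant and can be dropped.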
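Review bot: in docs/security.html (hunk @@ -266,7), the corrected line `principal.builder.class=CustomizedPrincipalBuilderClass` still uses a bare class name as its value; a package-qualified placeholder would make it clearer that a real class reference is expected rather than a literal to copy. The unchanged context also shows `super.users=User:Bob;User:Alice` immediately before stating that the default SSL user name is the full "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown" string. A sentence saying which form a super.users entry must take for SSL clients would help readers avoid entries that never match the authenticated principal.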
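Review bot: in docs/security.html (hunk @@ -340,14), the default-value cell for --allow-host keeps a leading space (`<td> if --allow-principal is specified ...`) while the matching --deny-host cell has none; make the two rows consistent. Because the default is * ("all hosts"), the description column for --allow-host would also benefit from saying outright that omitting the option grants the listed principals access from every host, since that is the less restrictive outcome and readers may expect the opposite.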
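Review bot: in docs/security.html (hunk @@ -378,7), the corrected command passes `--allow-host *` and `--allow-principal User:*` unquoted, so a reader who pastes it into a shell will have the bare `*` expanded to the file names in the current directory before kafka-acls.sh sees it, and the resulting ACL will not be the "all hosts" rule the text describes. Suggest quoting both arguments, for example `--allow-principal 'User:*' --allow-host '*'`. The unchanged context also describes the ACL as applying to "Topic Test-Topic" while both commands use `--topic Test-topic`; pick one spelling so the prose and the commands name the same resource.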
