This is an automated email from the ASF dual-hosted git repository.
showuon pushed a commit to branch 3.9
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.9 by this push:
new 66e2ac0e098 MINOR: add docs for
"org.apache.kafka.sasl.oauthbearer.allowed.urls" in v3.9 (#18940)
66e2ac0e098 is described below
commit 66e2ac0e098f6ee83deaf5501bf3f606d29b35fa
Author: Luke Chen <show...@gmail.com>
AuthorDate: Tue Feb 18 18:13:09 2025 +0900
MINOR: add docs for "org.apache.kafka.sasl.oauthbearer.allowed.urls" in
v3.9 (#18940)
add docs for "org.apache.kafka.sasl.oauthbearer.allowed.urls" in v3.9.
Reviewers: Manikumar Reddy <manikumar.re...@gmail.com>
---
docs/configuration.html | 10 ++++++++++
docs/upgrade.html | 5 +++++
2 files changed, 15 insertions(+)
diff --git a/docs/configuration.html b/docs/configuration.html
index 6ce29e0f2ba..f7c99623de9 100644
--- a/docs/configuration.html
+++ b/docs/configuration.html
@@ -290,6 +290,16 @@
Kafka supports some configuration that can be enabled through Java system
properties. System properties are usually set by passing the -D flag to the
Java virtual machine in which Kafka components are running.
Below are the supported system properties.
<ul class="config-list">
+ <li>
+ <h4><a id="org.apache.kafka.sasl.oauthbearer.allowed.urls"></a><a
id="systemproperties_org.apache.kafka.sasl.oauthbearer.allowed.urls"
href="#systemproperties_org.apache.kafka.sasl.oauthbearer.allowed.urls">org.apache.kafka.sasl.oauthbearer.allowed.urls</a></h4>
+ <p>This system property is used to set the allowed URLs as SASL
OAUTHBEARER token or jwks endpoints. This property accepts comma-separated list
of URLs. By default all URLs are allowed.
+ <p>If users want to only enable some URLs, users need to explicitly set
the system property like below.
+ <p><pre><code
class="language-bash">-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls=https://www.example.com,file:///tmp/token</code></pre>
+ <table><tbody>
+ <tr><th>Since:</th><td>3.9.1</td></tr>
+ <tr><th>Default Value:</th><td>All URLs are allowed</td></tr>
+ </tbody></table>
+ </li>
<li>
<h4><a id="org.apache.kafka.disallowed.login.modules"></a><a
id="systemproperties_org.apache.kafka.disallowed.login.modules"
href="#systemproperties_org.apache.kafka.disallowed.login.modules">org.apache.kafka.disallowed.login.modules</a></h4>
<p>This system property is used to disable the problematic login modules
usage in SASL JAAS configuration. This property accepts comma-separated list of
loginModule names. By default
<b>com.sun.security.auth.module.JndiLoginModule</b> loginModule is disabled.
diff --git a/docs/upgrade.html b/docs/upgrade.html
index 5bbe132695f..8a4a856a28a 100644
--- a/docs/upgrade.html
+++ b/docs/upgrade.html
@@ -84,6 +84,11 @@
<h5><a id="upgrade_391_notable" href="#upgrade_391_notable">Notable
changes in 3.9.1</a></h5>
<ul>
+ <li>
+ We have added a system property
("org.apache.kafka.sasl.oauthbearer.allowed.urls") to
+ set the allowed URLs as SASL OAUTHBEARER token or jwks endpoints.
By default all URLs are allowed.
+ Users should explicitly set the desired allowed list if necessary.
+ </li>
<li>Request logging for deprecated protocol api versions was changed
from <code>DEBUG</code> to <code>INFO</code> level. This makes it possible to
enable request
logging for deprecated requests without enabling it for regular
requests (which are still logged at <code>DEBUG</code> level). The relevant
logger is
<code>log4j.logger.kafka.request.logger</code> and it can be
adjusted statically via the <code>log4j.properties</code> file or dynamically
via <code>kafka-configs.sh</code>.
