This is an automated email from the ASF dual-hosted git repository.
chia7712 pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new 563338c0e95 MINOR: Refactor on DelegationTokenManager follow up with
KAFKA-18711 (#20579)
563338c0e95 is described below
commit 563338c0e950209edebf064353a626249c5efc3c
Author: Maros Orsak <[email protected]>
AuthorDate: Wed Sep 24 20:25:44 2025 +0200
MINOR: Refactor on DelegationTokenManager follow up with KAFKA-18711
(#20579)
Follow-up PR of KAFKA-18711. The motivation and reason for this change
are outlined in [1].
[1] - https://github.com/apache/kafka/pull/20475#discussion_r2375608168
Reviewers: Chia-Ping Tsai <[email protected]>
---
core/src/main/scala/kafka/server/KafkaApis.scala | 3 +--
.../main/java/org/apache/kafka/security/DelegationTokenManager.java | 4 ++++
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/core/src/main/scala/kafka/server/KafkaApis.scala
b/core/src/main/scala/kafka/server/KafkaApis.scala
index 4cbef3fa648..6ca9014f654 100644
--- a/core/src/main/scala/kafka/server/KafkaApis.scala
+++ b/core/src/main/scala/kafka/server/KafkaApis.scala
@@ -64,7 +64,6 @@ import org.apache.kafka.security.DelegationTokenManager
import org.apache.kafka.server.{ApiVersionManager, ClientMetricsManager,
ProcessRole}
import org.apache.kafka.server.authorizer._
import org.apache.kafka.server.common.{GroupVersion, RequestLocal,
ShareVersion, StreamsVersion, TransactionVersion}
-import org.apache.kafka.server.config.DelegationTokenManagerConfigs
import org.apache.kafka.server.share.context.ShareFetchContext
import org.apache.kafka.server.share.{ErroneousAndValidPartitionData,
SharePartitionKey}
import org.apache.kafka.server.share.acknowledge.ShareAcknowledgementBatch
@@ -2314,7 +2313,7 @@ class KafkaApis(val requestChannel: RequestChannel,
if (!allowTokenRequests(request))
sendResponseCallback(Errors.DELEGATION_TOKEN_REQUEST_NOT_ALLOWED,
Collections.emptyList)
- else if (!new DelegationTokenManagerConfigs(config).tokenAuthEnabled)
+ else if (!tokenManager.isEnabled)
sendResponseCallback(Errors.DELEGATION_TOKEN_AUTH_DISABLED,
Collections.emptyList)
else {
val requestPrincipal = request.context.principal
diff --git
a/server-common/src/main/java/org/apache/kafka/security/DelegationTokenManager.java
b/server-common/src/main/java/org/apache/kafka/security/DelegationTokenManager.java
index ef82a0702c8..e078d9a2ea8 100644
---
a/server-common/src/main/java/org/apache/kafka/security/DelegationTokenManager.java
+++
b/server-common/src/main/java/org/apache/kafka/security/DelegationTokenManager.java
@@ -104,6 +104,10 @@ public class DelegationTokenManager {
.toList();
}
+ public boolean isEnabled() {
+ return secretKey != null;
+ }
+
public static boolean filterToken(
KafkaPrincipal requesterPrincipal,
Optional<List<KafkaPrincipal>> owners,
