nixonrodrigues commented on a change in pull request #58: [ATLAS-3261] Set
kafka user as current principal for Ranger Authorization
URL: https://github.com/apache/atlas/pull/58#discussion_r291610536
##########
File path:
webapp/src/main/java/org/apache/atlas/notification/NotificationHookConsumer.java
##########
@@ -477,6 +484,31 @@ public void doWork() {
}
}
+ private void setMessagePrincipal(String messageUser) throws
AtlasException {
+ Configuration configuration = ApplicationProperties.get();
+ boolean msgPrincipalEnabled =
configuration.getBoolean("atlas.authentication.method.kafka.message.principal",
false);
+
+ if(msgPrincipalEnabled) {
+ if (!StringUtils.isEmpty(messageUser)) {
+ List<GrantedAuthority> grantedAuths =
getAuthoritiesFromUGI(messageUser);
+ UserDetails principal;
+
+ if (grantedAuths.isEmpty()) {
+ principal = new User(messageUser, "", new HashSet<>());
+ } else {
+ principal = new User(messageUser, "", grantedAuths);
+ }
+
+ Authentication finalAuthentication = new
UsernamePasswordAuthenticationToken(principal, "");
+
SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
Review comment:
This will be adding authentication in context for every message and this can
cause performance issue. Can we maintain session some how ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
