arempter commented on a change in pull request #58: [ATLAS-3261] Set kafka user
as current principal for Ranger Authorization
URL: https://github.com/apache/atlas/pull/58#discussion_r291832121
##########
File path:
webapp/src/main/java/org/apache/atlas/notification/NotificationHookConsumer.java
##########
@@ -477,6 +484,31 @@ public void doWork() {
}
}
+ private void setMessagePrincipal(String messageUser) throws
AtlasException {
+ Configuration configuration = ApplicationProperties.get();
+ boolean msgPrincipalEnabled =
configuration.getBoolean("atlas.authentication.method.kafka.message.principal",
false);
+
+ if(msgPrincipalEnabled) {
+ if (!StringUtils.isEmpty(messageUser)) {
+ List<GrantedAuthority> grantedAuths =
getAuthoritiesFromUGI(messageUser);
+ UserDetails principal;
+
+ if (grantedAuths.isEmpty()) {
+ principal = new User(messageUser, "", new HashSet<>());
+ } else {
+ principal = new User(messageUser, "", grantedAuths);
+ }
+
+ Authentication finalAuthentication = new
UsernamePasswordAuthenticationToken(principal, "");
+
SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
Review comment:
I think it is difficult to say about the session here, since every kafka
message processed can potentially have different user or properties.
I see it more similar in nature to REST call, where you authenticate every
request.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
