[ 
https://issues.apache.org/jira/browse/KAFKA-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14727971#comment-14727971
 ] 

Jun Rao commented on KAFKA-2211:
--------------------------------

A couple of other things:
1. Since the authorizer uses KafkaPrincipal for comparison, in SocketServer, 
when creating the session object, we should create a KafkaPrincipal instead of 
using KafkaChannel.principal(). Otherwise, it won't match the KafkaPrincipal 
used in the authorizer. The type in KafkaPrincipal should always be USER and the 
name should be KafkaChannel.principal().getName().

2. We should add some unit tests to verify that a client response gets the 
correct unauthorized error code from the broker if the needed ACL is not set. 
Ideally we want to cover all types of request and have some mix of authorized 
and unauthorized topics. This can be done either in this jira or in KAFKA-2212.

> KafkaAuthorizer: Add simpleACLAuthorizer implementation.
> --------------------------------------------------------
>
>                 Key: KAFKA-2211
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2211
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Parth Brahmbhatt
>            Assignee: Parth Brahmbhatt
>            Priority: Blocker
>             Fix For: 0.8.3
>
>         Attachments: KAFKA-2211.patch
>
>
> Subtask-2 for Kafka-1688. 
> Please see KIP-11 to get details on out of box SimpleACLAuthorizer 
> implementation 
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
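
The mismatch described in point 1 of the comment, as an added example that is not part of the original message or of Kafka's code base. `AclPrincipal`, `ChannelPrincipal`, the `"User"` type string and the toy ACL set are hypothetical stand-ins for KafkaPrincipal, the object returned by KafkaChannel.principal(), and the authorizer's ACL store.

```java
import java.security.Principal;
import java.util.Set;

public class PrincipalMatchDemo {
    // Hypothetical stand-in for the authorizer's principal class:
    // record equality covers the runtime class, the type and the name.
    record AclPrincipal(String type, String name) implements Principal {
        static final String USER = "User"; // assumed spelling of the USER type
        @Override public String getName() { return name; }
    }

    // Hypothetical stand-in for the Principal an authenticated channel returns.
    record ChannelPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Toy ACL (constructed sample data): principals allowed on one resource.
    static final Set<Principal> ALLOWED =
            Set.of(new AclPrincipal(AclPrincipal.USER, "alice"));

    // The authorizer compares principals with equals(), so the class matters.
    static boolean authorize(Principal sessionPrincipal) {
        return ALLOWED.contains(sessionPrincipal);
    }

    // Normalization the comment asks for when the session is created:
    // type fixed to USER, name taken from the channel principal.
    static Principal toAclPrincipal(Principal channelPrincipal) {
        return new AclPrincipal(AclPrincipal.USER, channelPrincipal.getName());
    }

    public static void main(String[] args) {
        Principal alice = new ChannelPrincipal("alice");
        Principal bob = new ChannelPrincipal("bob");

        // Same name, different class: the ACL entry never matches.
        System.out.println("alice, raw channel principal: " + authorize(alice));
        // Rewrapped at session creation: the ACL entry matches.
        System.out.println("alice, normalized: " + authorize(toAclPrincipal(alice)));
        // Normalization does not widen access for principals without an ACL.
        System.out.println("bob, normalized: " + authorize(toAclPrincipal(bob)));
    }
}
```

The failure mode is a silent deny: a correctly authenticated client is rejected because of the principal's class, not its identity, which is the kind of regression the unit tests requested in point 2 would catch.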
