[jira] [Comment Edited] (KAFKA-4454) Authorizer should also include the Principal generated by the PrincipalBuilder.

Fri, 02 Dec 2016 12:14:24 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716114#comment-15716114
 ] 

Mayuresh Gharat edited comment on KAFKA-4454 at 12/2/16 8:13 PM:
-----------------------------------------------------------------

[~ijuma] To make progress on this let me upload a PR for this and then if we 
want to include SimplePrincipal, I will be happy to rebase the patch you 
mentioned above. Does that work ? :)


was (Author: mgharat):
[~ijuma] I might not be understanding "accentuates the differences between 
authentication and authorization." completely.
Let me upload a PR for this and then if we want to include SimplePrincipal, I 
will be happy to rebase the patch you mentioned here. Does that work ? :)

> Authorizer should also include the Principal generated by the 
> PrincipalBuilder.
> -------------------------------------------------------------------------------
>
>                 Key: KAFKA-4454
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4454
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.0.1
>            Reporter: Mayuresh Gharat
>            Assignee: Mayuresh Gharat
>             Fix For: 0.10.2.0
>
>
> Currently kafka allows users to plugin a custom PrincipalBuilder and a custom 
> Authorizer.
> The Authorizer.authorize() object takes in a Session object that wraps 
> KafkaPrincipal and InetAddress.
> The KafkaPrincipal currently has a PrincipalType and Principal name, which is 
> the name of Principal generated by the PrincipalBuilder. 
> This Principal, generated by the pluggedin PrincipalBuilder might have other 
> fields that might be required by the pluggedin Authorizer but currently we 
> loose this information since we only extract the name of Principal while 
> creating KaflkaPrincipal in SocketServer.  
> It would be great if KafkaPrincipal has an additional field 
> "channelPrincipal" which is used to store the Principal generated by the 
> plugged in PrincipalBuilder.
> The pluggedin Authorizer can then use this "channelPrincipal" to do 
> authorization.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to