[jira] [Commented] (KAFKA-4570) How to transfer extended fields in producing or consuming requests.

Mon, 09 Jan 2017 21:10:14 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-4570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15813908#comment-15813908
 ] 

Ewen Cheslack-Postava commented on KAFKA-4570:
----------------------------------------------

[~zander] I am not super familiar with the auth code, but see 
http://kafka.apache.org/documentation.html#security_overview for a run down of 
what's available. The authentication step (i.e. verifying the connection is 
coming from the principal/user it claims to be from) is implemented using a 
fixed set of schemes: SSL, SASL Kerberos, SASL PLAIN, and, coming in 0.10.2.0 
SASL SCRAM. These happen immediately when the connection is created.

Authentication is the pluggable component. This refers to how ACLs are 
implemented, i.e. how you can decide which principal/user has access to which 
resources. The default built-in implementation just stores its rules in ZK and 
processes them in the straightforward way.

If you want per-request validation on the same session where each request may 
have a different principal, you may be interested in 
https://cwiki.apache.org/confluence/display/KAFKA/KIP-48+Delegation+token+support+for+Kafka
 It does not propose exactly that, but it would probably be a precursor to what 
you're interested in.

Someone might be able to explain what is possible today or what improvements 
would be necessary to support your use case if you can more precisely lay out 
what types of properties you want to include and how you want authn and authz 
to work.

> How to transfer extended fields in producing or consuming requests.
> -------------------------------------------------------------------
>
>                 Key: KAFKA-4570
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4570
>             Project: Kafka
>          Issue Type: Wish
>          Components: clients
>    Affects Versions: 0.10.1.1
>            Reporter: zander
>            Priority: Critical
>              Labels: features
>
> We encounter a problem that  we can not transfer extended fields for 
> producing or consuming requests to the broker.
> We want to validate  the producers or consumers in a custom way other than 
> using SSL.
> In general, such as JMS, it is possible to transfer user-related fields to 
> server.
> But it seems that Kafka dose not support this, its protocol is very tight and 
>  unable to add user-defined fields.
> So is there any way  achieving this goal ?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to