plazma-prizma commented on code in PR #14491: URL: https://github.com/apache/kafka/pull/14491#discussion_r1350253419
########## clients/src/main/java/org/apache/kafka/common/network/ChannelBuilders.java: ########## @@ -240,12 +242,19 @@ public static KafkaPrincipalBuilder createPrincipalBuilder(Map<String, ?> config KerberosShortNamer kerberosShortNamer, SslPrincipalMapper sslPrincipalMapper) { Class<?> principalBuilderClass = (Class<?>) configs.get(BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG); - final KafkaPrincipalBuilder builder; + KafkaPrincipalBuilder builder; if (principalBuilderClass == null || principalBuilderClass == DefaultKafkaPrincipalBuilder.class) { builder = new DefaultKafkaPrincipalBuilder(kerberosShortNamer, sslPrincipalMapper); } else if (KafkaPrincipalBuilder.class.isAssignableFrom(principalBuilderClass)) { - builder = (KafkaPrincipalBuilder) Utils.newInstance(principalBuilderClass); + try { + Constructor<?> constructor = principalBuilderClass.getConstructor(KerberosShortNamer.class, SslPrincipalMapper.class); + builder = (KafkaPrincipalBuilder) constructor.newInstance(kerberosShortNamer, sslPrincipalMapper); Review Comment: This looks as if it is solving a problem for a certain Principal type. Not all of the principals have to use KerberosShortNamer, it is related if the credentials are provided by the Kerberos authentication. Why don't you define a subclass of KerberosPrincipalBuilder instead and provide these details only to that one? Moreover, you could even define SSLPrincipalBuilder as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org