Re: [PR] KAFKA-15452: Access SslPrincipalMapper and kerberosShortNamer in Custom KafkaPrincipalBuilder(KIP-982) [kafka]

Mon, 09 Oct 2023 05:39:53 -0700 


plazma-prizma commented on code in PR #14491:
URL: https://github.com/apache/kafka/pull/14491#discussion_r1350253419


##########
clients/src/main/java/org/apache/kafka/common/network/ChannelBuilders.java:
##########
@@ -240,12 +242,19 @@ public static KafkaPrincipalBuilder 
createPrincipalBuilder(Map<String, ?> config
                                                                
KerberosShortNamer kerberosShortNamer,
                                                                
SslPrincipalMapper sslPrincipalMapper) {
         Class<?> principalBuilderClass = (Class<?>) 
configs.get(BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG);
-        final KafkaPrincipalBuilder builder;
+        KafkaPrincipalBuilder builder;
 
         if (principalBuilderClass == null || principalBuilderClass == 
DefaultKafkaPrincipalBuilder.class) {
             builder = new DefaultKafkaPrincipalBuilder(kerberosShortNamer, 
sslPrincipalMapper);
         } else if 
(KafkaPrincipalBuilder.class.isAssignableFrom(principalBuilderClass)) {
-            builder = (KafkaPrincipalBuilder) 
Utils.newInstance(principalBuilderClass);
+            try {
+                Constructor<?> constructor = 
principalBuilderClass.getConstructor(KerberosShortNamer.class, 
SslPrincipalMapper.class);
+                builder = (KafkaPrincipalBuilder) 
constructor.newInstance(kerberosShortNamer, sslPrincipalMapper);

Review Comment:
   This looks as if it is solving a problem for a certain Principal type. Not 
all of the principals have to use KerberosShortNamer, it is related if the 
credentials are provided by the Kerberos authentication.
   
   Why don't you define a subclass of KerberosPrincipalBuilder instead and 
provide these details only to that one?
   
   Moreover, you could even define SSLPrincipalBuilder as well.
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to