[
https://issues.apache.org/jira/browse/KAFKA-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Manikumar resolved KAFKA-4454.
------------------------------
Resolution: Fixed
This is covered in KIP-189/KAFKA-5783
> Authorizer should also include the Principal generated by the
> PrincipalBuilder.
> -------------------------------------------------------------------------------
>
> Key: KAFKA-4454
> URL: https://issues.apache.org/jira/browse/KAFKA-4454
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.10.0.1
> Reporter: Mayuresh Gharat
> Assignee: Mayuresh Gharat
>
> Currently kafka allows users to plugin a custom PrincipalBuilder and a custom
> Authorizer.
> The Authorizer.authorize() object takes in a Session object that wraps
> KafkaPrincipal and InetAddress.
> The KafkaPrincipal currently has a PrincipalType and Principal name, which is
> the name of Principal generated by the PrincipalBuilder.
> This Principal, generated by the pluggedin PrincipalBuilder might have other
> fields that might be required by the pluggedin Authorizer but currently we
> loose this information since we only extract the name of Principal while
> creating KaflkaPrincipal in SocketServer.
> It would be great if KafkaPrincipal has an additional field
> "channelPrincipal" which is used to store the Principal generated by the
> plugged in PrincipalBuilder.
> The pluggedin Authorizer can then use this "channelPrincipal" to do
> authorization.
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
