> On April 24, 2015, 7:07 p.m., Gari Singh wrote: > > 1) I think that Session should take a Subject rather than just a single > > Principal. The reason for this is because a Subject can have multiple > > Principals (for example both a username and a group or perhaps someone > > would want to use both the username and the clientIP as Principals) > > > > This is also more in line with JAAS as well and would fit better with > > authentication modules > > > > 2) We would then also have multiple concrete Principals, e.g. > > > > KafkaPrincipal > > KafkaUserPrincipal > > KafkaGroupPrincipal > > (perhaps even KafkaKerberosPrincipal and KafkaClientAddressPrincipal) > > etc > > > > This is important as eventually (hopefully sooner than later), we will > > support multiple types of authentication which may each want to populate > > the Subject with one or more Principals and perhaps even credentials (this > > could be used in the future to hold encryption keys or perhaps the raw info > > prior to authentication).
I am not sure how the Subject is valid here. Client holds a its own Subject and server holds its own Subject. Once Sasl auth done you get the client's authorizer ID by calling saslServer.getAuthorizationID() this will give you a String of the clients principal. Why would we associate a Subject than just a prinicipal. - Sriharsha ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/27204/#review81522 ----------------------------------------------------------- On Oct. 26, 2014, 5:37 a.m., Gwen Shapira wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/27204/ > ----------------------------------------------------------- > > (Updated Oct. 26, 2014, 5:37 a.m.) > > > Review request for kafka. > > > Bugs: KAFKA-1683 > https://issues.apache.org/jira/browse/KAFKA-1683 > > > Repository: kafka > > > Description > ------- > > added test for Session > > > Diffs > ----- > > core/src/main/scala/kafka/network/RequestChannel.scala > 4560d8fb7dbfe723085665e6fd611c295e07b69b > core/src/main/scala/kafka/network/SocketServer.scala > cee76b323e5f3e4c783749ac9e78e1ef02897e3b > core/src/test/scala/unit/kafka/network/SocketServerTest.scala > 5f4d85254c384dcc27a5a84f0836ea225d3a901a > > Diff: https://reviews.apache.org/r/27204/diff/ > > > Testing > ------- > > > Thanks, > > Gwen Shapira > >
