[jira] [Commented] (KAFKA-4406) Add support for custom Java Security Providers in configuration

Wed, 16 Nov 2016 02:33:05 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-4406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15670080#comment-15670080
 ] 

Magnus Reftel commented on KAFKA-4406:
--------------------------------------

The PR adds it for both broker and clients, so both can be configured using the 
same property, if desired. The name of the property could definitely be better, 
though, as it's not tied to ssl.provider (which is used as provider name for 
the SSL context, and the SSL context only, whereas the provider classes are 
relevant to all algorithm lookups). All other settings related to security 
start with `ssl.`, though, so it should probably be in that part of the tree 
(and I find no usages of JCA provider mechanism outside of the SSL code). Any 
suggestions?

I don't quite get what the use of replacing an existing provider would be. If 
overriding the implementation of an existing algorithm, then specifying the 
provider name (like one can do for SSL contexts using the `ssl.provider` 
setting - I guess this would be useful also in the other places where one can 
specify algorithm names) is the standard way of doing it. If adding a new 
algorithm, then using the name of the new one as e.g. 
`ssl.keymanager.algorithm` would suffice. What am I missing?

> Add support for custom Java Security Providers in configuration
> ---------------------------------------------------------------
>
>                 Key: KAFKA-4406
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4406
>             Project: Kafka
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 0.10.0.1
>            Reporter: Magnus Reftel
>            Priority: Minor
>
> Currently, the only way to add a custom security provider is though adding a 
> -Djava.security.properties=<filename> option to the command line, e.g. though 
> KAFKA_OPTS. It would be more convenient if this could be done though the 
> config file, like all the other SSL related options.
> I propose adding a new configuration option, ssl.provider.classes, which 
> holds a list of names of security provider classes that will be loaded, 
> instantiated, and added before creating SSL contexts.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to