Mayuresh Gharat created KAFKA-4454:
--------------------------------------
Summary: Authorizer should also include the Principal generated by
the PrincipalBuilder.
Key: KAFKA-4454
URL: https://issues.apache.org/jira/browse/KAFKA-4454
Project: Kafka
Issue Type: Bug
Affects Versions: 0.10.0.1
Reporter: Mayuresh Gharat
Assignee: Mayuresh Gharat
Fix For: 0.10.2.0
Currently kafka allows users to plugin a custom PrincipalBuilder and a custom
Authorizer.
The Authorizer.authorize() object takes in a Session object that wraps
KafkaPrincipal and InetAddress.
The KafkaPrincipal currently has a PrincipalType and Principal name, which is
the name of Principal generated by the PrincipalBuilder.
This Principal, generated by the pluggedin PrincipalBuilder might have other
fields that might be required by the pluggedin Authorizer but currently we
loose this information since we only extract the name of Principal while
creating KaflkaPrincipal in SocketServer.
It would be great if KafkaPrincipal has an additional field "channelPrincipal"
which is used to store the Principal generated by the plugged in
PrincipalBuilder.
The pluggedin Authorizer can then use this "channelPrincipal" to do
authorization.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
