[
https://issues.apache.org/jira/browse/KAFKA-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15709335#comment-15709335
]
Mayuresh Gharat commented on KAFKA-4454:
----------------------------------------
[~jjkoshy] [~ashishsinghdev] [~parth.brahmbhatt] [~ijuma] ping :)
> Authorizer should also include the Principal generated by the
> PrincipalBuilder.
> -------------------------------------------------------------------------------
>
> Key: KAFKA-4454
> URL: https://issues.apache.org/jira/browse/KAFKA-4454
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.10.0.1
> Reporter: Mayuresh Gharat
> Assignee: Mayuresh Gharat
> Fix For: 0.10.2.0
>
>
> Currently kafka allows users to plugin a custom PrincipalBuilder and a custom
> Authorizer.
> The Authorizer.authorize() object takes in a Session object that wraps
> KafkaPrincipal and InetAddress.
> The KafkaPrincipal currently has a PrincipalType and Principal name, which is
> the name of Principal generated by the PrincipalBuilder.
> This Principal, generated by the pluggedin PrincipalBuilder might have other
> fields that might be required by the pluggedin Authorizer but currently we
> loose this information since we only extract the name of Principal while
> creating KaflkaPrincipal in SocketServer.
> It would be great if KafkaPrincipal has an additional field
> "channelPrincipal" which is used to store the Principal generated by the
> plugged in PrincipalBuilder.
> The pluggedin Authorizer can then use this "channelPrincipal" to do
> authorization.
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
