[
https://issues.apache.org/jira/browse/KAFKA-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15712970#comment-15712970
]
Ismael Juma commented on KAFKA-4454:
------------------------------------
[~mgharat], thanks. That could work. Do you have some examples of fields that
you would want your principal to pass? Generally, I think the current way we
use `KafkaPrincipal` is a bit confusing. I created a PR[1] a while back that
used `SimplePrincipal` for authentication and `KafkaPrincipal` for
authorization. With the clear separation, adding a field for authorization
purposes (like proposed here) would not affect the authentication cases.
[1] https://github.com/apache/kafka/pull/551/files
> Authorizer should also include the Principal generated by the
> PrincipalBuilder.
> -------------------------------------------------------------------------------
>
> Key: KAFKA-4454
> URL: https://issues.apache.org/jira/browse/KAFKA-4454
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.10.0.1
> Reporter: Mayuresh Gharat
> Assignee: Mayuresh Gharat
> Fix For: 0.10.2.0
>
>
> Currently kafka allows users to plugin a custom PrincipalBuilder and a custom
> Authorizer.
> The Authorizer.authorize() object takes in a Session object that wraps
> KafkaPrincipal and InetAddress.
> The KafkaPrincipal currently has a PrincipalType and Principal name, which is
> the name of Principal generated by the PrincipalBuilder.
> This Principal, generated by the pluggedin PrincipalBuilder might have other
> fields that might be required by the pluggedin Authorizer but currently we
> loose this information since we only extract the name of Principal while
> creating KaflkaPrincipal in SocketServer.
> It would be great if KafkaPrincipal has an additional field
> "channelPrincipal" which is used to store the Principal generated by the
> plugged in PrincipalBuilder.
> The pluggedin Authorizer can then use this "channelPrincipal" to do
> authorization.
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
