...
Authenticated user principal will be obtained from the Session
object. Base64URL-encoded hex string version of the Principal will be used so that it can be used as a node name in Zookeeper and in metrics without placing any restrictions on the characters allowed in the principal. Characters that cannot be used for Zookeeper node names or metrics (eg. *) will be percent-encoded. For PLAINTEXT, the principal is "anonymous
ANONYMOUS" by default and quotas will be applied for that principal. But principal can be overridden using a custom principal builder even for PLAINTEXT, enabling different user quotas, for example, for connections from different IP addresses.
...
quota-id
is the concatenation of base64url-encoded user principal and client-id. Clients-ids without a sub-quota override share the user's quota and hence use the encoded user principal asquota-id
.- In the example (non-encoded user principal is used here for readability):
- All clients of user1 share the quota-id user1
- clientA of user2 uses the quota-id user2clientA
- clientC of user2 uses the quota-id user2 since it does not have a client quota override, sharing a quota with other clients of user2.
- clientA of user3 uses the quota-id user3clientA
...
Client-id based quota configuration overrides will continue be stored under /config/clients,
but these will be applied only to clients of users without a quota override and only if default user quota is unlimited. Quota configuration overrides for user principals will be stored under /config/users
and these will include any sub-quota overrides for clients of each user. Note that Base64url-encoded hex version of the user principal will be used as node name under /config/users to cope with Zookeeper naming restrictions. The non-encoded user principal will be stored as a property to make it easy to identify the actual user associated with the path.
...