Status
Current state: "Accepted"
Discussion thread: here
JIRA: KAFKA-4292
...
- Name: sasl.server.callback.handler.class
- Type: STRING
- Doc: The fully qualified name of a SASL server callback handler class that implements the AuthenticateCallbackHandler interface. The config name must be prefixed by the listener prefix and mechanism name in lower case. If multiple listeners are enabled, the config may be prefixed with the listener prefix. For example, listener.name.sasl_ssl.plain.sasl.server.callback.handler.class=com.example.CustomPlainCallbackHandler or scram-sha-256.sasl.server.callback.handler.class=com.example.CustomScramCallbackHandler.
- Default: null (by default, the appropriate internal default callback handlers for each mechanism will be used)
...
- Name: sasl.login.class
- Type: CLASS
- Doc: A class that implements the org.apache.kafka.common.security.auth.Login interface. For brokers, the config name must be prefixed by the listener prefix and mechanism name in lower case and may also be prefixed with listener name. For example, listener.name.sasl_ssl.plain.sasl.login.class=com.example.PlainServerLogin for brokers and sasl.login.class=com.example.KerberosClientLogin for clients.
- Default: null (by default, the internal class KerberosLogin will be used if Kerberos is enabled on the listener and DefaultLogin otherwise)
Login callback handler class (for clients and brokers)
- Name: sasl.login.callback.handler.class
- Type: CLASS
- Doc: The fully qualified name of a SASL login callback handler class that implements the org.apache.kafka.common.security.auth.AuthenticateCallbackHandler interface. For servers, the config name must be prefixed by the listener prefix and mechanism name in lower case. For example, listener.name.sasl_ssl.plain.sasl.login.callback.handler.class=com.example.PlainLoginCallbackHandler for brokers and sasl.login.callback.handler.class=com.example.PlainLoginCallbackHandler for clients.
- Default: null (by default, the internal class AbstractLogin.DefaultLoginCallbackHandler will be used).
Callback Handler
The callback handler interface AuthenticateCallbackHandler will extend the standard javax.security.auth.callback.CallbackHandler interface, enabling the handler to be passed directly to SaslServer/SaslClient implementations. The callback handler configured for a mechanism must include the callbacks as described below:
...
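A server-side PLAIN handler of the kind sasl.server.callback.handler.class points to, as an added example (not code from this KIP or from Apache Kafka). The configure signature and PlainAuthenticateCallback are assumed from the released kafka-clients API, since this page elides the interface definition; the class name reuses the page's com.example.CustomPlainCallbackHandler, and the in-memory credential for "alice" is constructed.

```java
package com.example;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;

public class CustomPlainCallbackHandler implements AuthenticateCallbackHandler {
    // Constructed sample store; a real handler would query an external credential service.
    private final Map<String, byte[]> digests = new ConcurrentHashMap<>();

    @Override
    public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaasEntries) {
        if (!"PLAIN".equals(mechanism))  // fail closed if bound to the wrong mechanism prefix
            throw new IllegalArgumentException("unsupported mechanism " + mechanism);
        digests.put("alice", sha256("constructed-sample-secret".toCharArray()));
    }

    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        String user = null;
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                user = ((NameCallback) cb).getDefaultName();
            } else if (cb instanceof PlainAuthenticateCallback) {
                PlainAuthenticateCallback plain = (PlainAuthenticateCallback) cb;
                byte[] expected = user == null ? null : digests.get(user);
                // Always run the constant-time compare so unknown users take the same path.
                boolean match = MessageDigest.isEqual(sha256(plain.password()),
                        expected != null ? expected : new byte[32]);
                plain.authenticated(expected != null && match);
            } else {
                throw new UnsupportedCallbackException(cb);  // reject callbacks this handler does not know
            }
        }
    }

    @Override
    public void close() { digests.clear(); }
    // Hashing gives equal-length inputs for the compare; it is not a password-storage scheme.
    private static byte[] sha256(char[] pw) {
        try { return MessageDigest.getInstance("SHA-256").digest(new String(pw).getBytes(StandardCharsets.UTF_8)); }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}
```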
```java
package org.apache.kafka.common.security.auth;

import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 * Login interface for authentication.
 */
public interface Login {

    /**
     * Configures this login instance.
     */
    void configure(Map<String, ?> configs, String contextName, Configuration configuration,
                   AuthenticateCallbackHandler loginCallbackHandler);

    /**
     * Performs login for each login module specified for the login context of this instance.
     */
    LoginContext login() throws LoginException;

    /**
     * Returns the authenticated subject of this login context.
     */
    Subject subject();

    /**
     * Returns the service name to be used for SASL.
     */
    String serviceName();

    /**
     * Closes this instance.
     */
    void close();
}
```
...