Versions Compared

Old Version 4

changes.mady.by.user Jason Gustafson

Saved on

compared with

New Version Current

changes.mady.by.user Jason Gustafson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Change AuthenticationContext security protocol accessor name

Table of Contents

Status

Current state:  Under Discussion Adopted

Discussion thread: here

JIRA:

Jira
serverASF JIRA
serverId5aa69414-a9e9-3523-82ec-879b028fb15b
keyKAFKA-5783

...

To address these problems, we propose first to introduce a new AuthenticationContext interface to encapsulate the authentication state needed to derive the principal. Initially we expose a single method methods to get the underlying security protocol in use and the client address

Code Block
interface AuthenticationContext {
  String securityProtocolName();
  SecurityProtocolInetAddress protocolclientAddress();
}

There will be two implementations of this interface exposed: SslAuthenticationContext and SaslAuthenticationContext. These expose the respective state needed to derive the Principal.

...

Both PrincipalBuilder and KafkaPrincipalBuilder will be exposed through the principal.builder.class configuration.
To avoid confusion when using extensions of KafkaPrincipal, we intend to deprecate and eventually remove the static fromString method since it only supports construction of KafkaPrincipal instances.

Rejected Alternatives

Another option to add support for SASL might be to modify the SaslServerAuthenticator to use the existing PrincipalBuilder. This allows us to write a custom PrincipalBuilder such as the following:

...