...
The high-level proposal in the requirement calls for defining a new interface, similar to the one given below, which can be implemented by the authentication service provider.
```java
PermissionManager.isPermitted(Subject subject, InetAddress ip, Permissions permission, String resource)
```
New Kafka Classes
Session
- Represents the life of a (TCP) connection
- Container for session-specific data, e.g. one or more of the below:
  - Username
  - Client IP
  - Certificate
  - Mode of authentication
SessionManager (Singleton)
- This is a singleton object
- This contains the mapping between connections and Session objects
- Facilitates authentication for new connections
- Contains utility methods to retrieve Session object corresponding to the connection
PermissionProvider (Interface)
- Contains the interface methods that need to be implemented by the authorization provider
- It is assumed that there is only one active PermissionProvider. Cascading providers can be supported in the future
DefaultPermissionProvider
- Out of the box implementation of the PermissionProvider
- Stores policies in the properties file or ZooKeeper
- Self-contained, with no dependencies on any other vendor or provider
PermissionManager (Singleton)
- Helper methods to instantiate the implementation of PermissionProvider
- Proxies all calls to PermissionProvider. E.g. provides helper method for checkPermission
- Enriches context sent to PermissionProvider. E.g. adds session context
- Scalable approach to support multiple providers in the future
Permissions
- Contains the list of permissions supported
Subject
- Holds username or other principal
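How the classes listed above could fit together, as an added Java sketch (not code from this proposal or from the Kafka code base). Only the class names, checkPermission and the isPermitted parameter list come from the page; the boolean return type, the READ/WRITE values, the Session field names, the init method, passing the provider in directly, and the "<username>.<resource>" policy key format are assumptions.

```java
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Properties;

public class AuthorizationSketch {
    enum Permissions { READ, WRITE }          // assumed values; the page does not list them
    record Subject(String username) {}
    // Session-specific data captured when the connection was authenticated.
    record Session(Subject subject, InetAddress clientIp, String authMode) {}

    interface PermissionProvider {            // boolean return type is an assumption
        boolean isPermitted(Subject subject, InetAddress ip, Permissions permission, String resource);
    }
    // Assumed policy format: "<username>.<resource>" = "READ,WRITE". The client IP is not used here.
    static class DefaultPermissionProvider implements PermissionProvider {
        private final Properties policies;
        DefaultPermissionProvider(Properties policies) { this.policies = policies; }
        @Override
        public boolean isPermitted(Subject subject, InetAddress ip, Permissions permission, String resource) {
            String granted = policies.getProperty(subject.username() + "." + resource);
            if (granted == null) return false;   // no matching policy: deny by default
            return Arrays.asList(granted.trim().split("\\s*,\\s*")).contains(permission.name());
        }
    }
    static final class PermissionManager {
        private static PermissionManager instance;
        private final PermissionProvider provider;
        private PermissionManager(PermissionProvider provider) { this.provider = provider; }
        // Hypothetical initializer; the single active provider is fixed on first call.
        static synchronized PermissionManager init(PermissionProvider provider) {
            if (instance == null) instance = new PermissionManager(provider);
            return instance;
        }
        // Enriches the call with session context: identity and IP come from the
        // authenticated Session, never from fields supplied in the request itself.
        boolean checkPermission(Session session, Permissions permission, String resource) {
            if (session == null || session.subject() == null) return false; // unauthenticated: deny
            return provider.isPermitted(session.subject(), session.clientIp(), permission, resource);
        }
    }
    public static void main(String[] args) throws Exception {
        Properties policies = new Properties();                 // constructed sample policies
        policies.setProperty("alice.topic-a", "READ,WRITE");
        policies.setProperty("bob.topic-a", "READ");
        PermissionManager pm = PermissionManager.init(new DefaultPermissionProvider(policies));
        Session bob = new Session(new Subject("bob"), InetAddress.getByName("192.0.2.10"), "SSL");
        System.out.println(pm.checkPermission(bob, Permissions.READ, "topic-a"));   // policy lists READ
        System.out.println(pm.checkPermission(bob, Permissions.WRITE, "topic-a"));  // WRITE not listed
        System.out.println(pm.checkPermission(bob, Permissions.READ, "topic-b"));   // no policy entry
        System.out.println(pm.checkPermission(null, Permissions.READ, "topic-a"));  // no session
    }
}
```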
Compatibility, Deprecation, and Migration Plan
...