[
https://issues.apache.org/jira/browse/KAFKA-1882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gwen Shapira updated KAFKA-1882:
--------------------------------
Description:
For the security infrastructure, we need an extendible interface to replace
SocketChannel.
KAFKA-1684 suggests extending SocketChannel itself, but since SocketChannel is
part of Java's standard library, the interface changes between different Java
versions, so extending it directly can become a compatibility issue.
Instead, we can implement a KafkaChannel interface, which will implement
connect(), read(), write() and possibly other methods we use.
We will replace direct use of SocketChannel in our code with use of
KafkaChannel.
Different implementations of KafkaChannel will be instantiated based on the
port/SecurityProtocol configuration.
This patch will provide at least the PLAINTEXT implementation for KafkaChannel.
I will validate that the SSL implementation in KAFKA-1684 can be refactored to
use a KafkaChannel interface rather than extend SocketChannel directly.
However, the patch will not include the SSL channel itself.
The interface should also include setters/getters for principal and remote IP,
which will be used for the authentication code.
was:
For the security infrastructure, we need an extendible interface to replace
SocketChannel.
KAFKA-1684 suggests extending SocketChannel itself, but since SocketChannel is
part of Java's standard library, the interface changes between different Java
versions, so extending it directly can become a compatibility issue.
Instead, we can implement a KafkaChannel interface, which will implement
connect(), read(), write() and possibly other methods we use.
We will replace direct use of SocketChannel in our code with use of
KafkaChannel.
Different implementations of KafkaChannel will be instantiated based on the
port/SecurityProtocol configuration.
This patch will provide at least the PLAINTEXT implementation for KafkaChannel.
I will validate that the SSL implementation in KAFKA-1684 can be refactored to
use a KafkaChannel interface rather than extend SocketChannel directly.
However, the patch will not include the SSL channel itself.
> Create extendable channel interface and default implementations
> ---------------------------------------------------------------
>
> Key: KAFKA-1882
> URL: https://issues.apache.org/jira/browse/KAFKA-1882
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Reporter: Gwen Shapira
> Assignee: Gwen Shapira
>
> For the security infrastructure, we need an extendible interface to replace
> SocketChannel.
> KAFKA-1684 suggests extending SocketChannel itself, but since SocketChannel
> is part of Java's standard library, the interface changes between different
> Java versions, so extending it directly can become a compatibility issue.
> Instead, we can implement a KafkaChannel interface, which will implement
> connect(), read(), write() and possibly other methods we use.
> We will replace direct use of SocketChannel in our code with use of
> KafkaChannel.
> Different implementations of KafkaChannel will be instantiated based on the
> port/SecurityProtocol configuration.
> This patch will provide at least the PLAINTEXT implementation for
> KafkaChannel.
> I will validate that the SSL implementation in KAFKA-1684 can be refactored
> to use a KafkaChannel interface rather than extend SocketChannel directly.
> However, the patch will not include the SSL channel itself.
> The interface should also include setters/getters for principal and remote
> IP, which will be used for the authentication code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
