[ https://issues.apache.org/jira/browse/KAFKA-2579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Gustafson reassigned KAFKA-2579:
--------------------------------------

    Assignee: Jason Gustafson

> Unauthorized clients should not be able to join groups
> -------------------------------------------------------
>
>                 Key: KAFKA-2579
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2579
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Jason Gustafson
>            Assignee: Jason Gustafson
>
> The JoinGroup authorization is only checked in the response callback which is
> invoked after the request has been forwarded to the ConsumerCoordinator and
> the client has joined the group. This allows unauthorized members to impact
> the rest of the group since the coordinator will assign partitions to them.
> It would be better to check permission and return immediately if the client
> is unauthorized.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
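
The ordering problem described in the issue, as an added example that is not part of the original message or Kafka's own code: a simplified Python model in which `Coordinator`, the two handlers, the ACL set and the `NOT_AUTHORIZED` string are all hypothetical. The client gets an error reply in both cases, but only the early check keeps it out of the partition assignment.

```python
# Simplified model of the check-ordering bug. Every name here is hypothetical;
# this is not Kafka's broker code.

class Coordinator:
    """Toy group coordinator: tracks members and splits partitions among them."""

    def __init__(self, partitions):
        self.partitions = list(partitions)
        self.members = []

    def join(self, client_id, callback):
        # Group state changes first; the response callback fires afterwards.
        self.members.append(client_id)
        return callback(client_id)

    def assignment(self):
        # Round-robin the partitions over whoever is currently a member.
        out = {m: [] for m in self.members}
        for i, p in enumerate(self.partitions):
            out[self.members[i % len(self.members)]].append(p)
        return out


def handle_join_late_check(coord, acl, client_id):
    """Ordering described in the issue: authorize inside the response callback."""
    def respond(member):
        return "OK" if member in acl else "NOT_AUTHORIZED"
    return coord.join(client_id, respond)


def handle_join_early_check(coord, acl, client_id):
    """Proposed ordering: check permission and return before forwarding."""
    if client_id not in acl:
        return "NOT_AUTHORIZED"
    return coord.join(client_id, lambda member: "OK")


def run(handler):
    coord = Coordinator(partitions=range(4))
    acl = {"consumer-a"}  # constructed ACL: only consumer-a may join the group
    replies = [handler(coord, acl, c) for c in ("consumer-a", "unauthorized-client")]
    return replies, coord.assignment()


if __name__ == "__main__":
    print("late check: ", run(handle_join_late_check))
    print("early check:", run(handle_join_early_check))
```
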