[ https://issues.apache.org/jira/browse/KAFKA-4406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15667577#comment-15667577 ]
Rajini Sivaram commented on KAFKA-4406: --------------------------------------- The PR adds the new configuration to clients, so I had assumed that you were updating providers in client VMs. A few comments: * Having two different ways for configuring clients and broker for the same property doesn't sound good. * I think the PR is adding any security provider and not just {{ssl.provider.classes}}, so the configuration option name is misleading. * Not sure if the solution is generic enough. The PR adds a security provider to the end of the list provided by the JVM, confiigured system property etc. That works in this case where you are adding a new type, but not in the case where you want to replace a provider (then you are back again to fixing it in the standard Java way for the JVM). Perhaps an interface or a generic broker interceptor would be better? > Add support for custom Java Security Providers in configuration > --------------------------------------------------------------- > > Key: KAFKA-4406 > URL: https://issues.apache.org/jira/browse/KAFKA-4406 > Project: Kafka > Issue Type: Improvement > Components: core > Affects Versions: 0.10.0.1 > Reporter: Magnus Reftel > Priority: Minor > > Currently, the only way to add a custom security provider is though adding a > -Djava.security.properties=<filename> option to the command line, e.g. though > KAFKA_OPTS. It would be more convenient if this could be done though the > config file, like all the other SSL related options. > I propose adding a new configuration option, ssl.provider.classes, which > holds a list of names of security provider classes that will be loaded, > instantiated, and added before creating SSL contexts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)