[
https://issues.apache.org/jira/browse/KAFKA-4406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15667577#comment-15667577
]
Rajini Sivaram commented on KAFKA-4406:
---------------------------------------
The PR adds the new configuration to clients, so I had assumed that you were
updating providers in client VMs. A few comments:
* Having two different ways for configuring clients and broker for the same
property doesn't sound good.
* I think the PR is adding any security provider and not just
{{ssl.provider.classes}}, so the configuration option name is misleading.
* Not sure if the solution is generic enough. The PR adds a security provider
to the end of the list provided by the JVM, confiigured system property etc.
That works in this case where you are adding a new type, but not in the case
where you want to replace a provider (then you are back again to fixing it in
the standard Java way for the JVM). Perhaps an interface or a generic broker
interceptor would be better?
> Add support for custom Java Security Providers in configuration
> ---------------------------------------------------------------
>
> Key: KAFKA-4406
> URL: https://issues.apache.org/jira/browse/KAFKA-4406
> Project: Kafka
> Issue Type: Improvement
> Components: core
> Affects Versions: 0.10.0.1
> Reporter: Magnus Reftel
> Priority: Minor
>
> Currently, the only way to add a custom security provider is though adding a
> -Djava.security.properties=<filename> option to the command line, e.g. though
> KAFKA_OPTS. It would be more convenient if this could be done though the
> config file, like all the other SSL related options.
> I propose adding a new configuration option, ssl.provider.classes, which
> holds a list of names of security provider classes that will be loaded,
> instantiated, and added before creating SSL contexts.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
