Rajini Sivaram created KAFKA-6532:
-------------------------------------
Summary: Delegation token internals should not impact public interfaces
Key: KAFKA-6532
URL: https://issues.apache.org/jira/browse/KAFKA-6532
Project: Kafka
Issue Type: Bug
Components: core
Reporter: Rajini Sivaram
Assignee: Rajini Sivaram
We need to make sure that code related to the internal delegation tokens
implementation doesn't have any impact on public interfaces, including
customizable callback handlers from KIP-86.
# KafkaPrincipal has a public _tokenAuthenticated()_ method. Principal
builders are configurable and we now expect custom principal builders to set
this value. Since we allow the same endpoint to be used for basic SCRAM and
delegation tokens, the configured principal builder needs a way of detecting
token authentication. The default principal builder does this using internal SCRAM
implementation code. It would be better if configurable principal builders
didn't have to set this flag at all.
# It would be better to replace
_o.a.k.c.security.scram.DelegationTokenAuthenticationCallback_ with a more
generic _ScramExtensionsCallback_. This will allow us to add more extensions in
future and it will also enable custom SCRAM extensions.
# _ScramCredentialCallback_ was extended to add _tokenOwner_ and mechanism.
Mechanism is determined during SASL handshake and shouldn't be configurable in
a callback handler. _ScramCredentialCallback_ is being made a public interface
in KIP-86 with configurable callback handlers. Since the delegation token
implementation is internal and not extensible, _tokenOwner_ should be in a
delegation-token-specific callback.