[GitHub] [kafka] pprovenzano commented on a diff in pull request #14083: KAFKA-15219: KRaft support for DelegationTokens

via GitHub Fri, 18 Aug 2023 19:21:07 -0700


pprovenzano commented on code in PR #14083:
URL: https://github.com/apache/kafka/pull/14083#discussion_r1299014422



##########
core/src/main/scala/kafka/server/ControllerApis.scala:
##########
@@ -842,6 +848,114 @@ class ControllerApis(val requestChannel: RequestChannel,
       }
   }
 
+  def allowTokenRequests(request: RequestChannel.Request): Boolean = {
+    val protocol = request.context.securityProtocol
+    if (request.context.principal.tokenAuthenticated ||
+      // We allow forwarded requests to use PLAINTEXT for testing purposes
+      (request.isForwarded == false && protocol == SecurityProtocol.PLAINTEXT) 
||
+      // disallow requests from 1-way SSL
+      (protocol == SecurityProtocol.SSL && request.context.principal == 
KafkaPrincipal.ANONYMOUS))
+      false
+    else
+      true
+  }

Review Comment:
   Updated with comment



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [kafka] pprovenzano commented on a diff in pull request #14083: KAFKA-15219: KRaft support for DelegationTokens

Reply via email to