d8tltanc commented on a change in pull request #9485:
URL: https://github.com/apache/kafka/pull/9485#discussion_r534589923
##########
File path: core/src/main/scala/kafka/security/authorizer/AuthorizerWrapper.scala
##########
@@ -175,4 +179,73 @@ class AuthorizerWrapper(private[kafka] val baseAuthorizer:
kafka.security.auth.A
override def close(): Unit = {
baseAuthorizer.close()
}
+
+ override def authorizeByResourceType(requestContext:
AuthorizableRequestContext,
+ op: AclOperation,
+ resourceType: ResourceType):
AuthorizationResult = {
+ if (resourceType == ResourceType.ANY)
+ throw new IllegalArgumentException("Must specify a non-filter resource
type for authorizeByResourceType")
+
+ if (resourceType == ResourceType.UNKNOWN)
+ throw new IllegalArgumentException("Unknown resource type")
+
+ if (op == AclOperation.ANY)
+ throw new IllegalArgumentException("Must specify a non-filter operation
type for authorizeByResourceType")
+
+ if (op == AclOperation.UNKNOWN)
+ throw new IllegalArgumentException("Unknown operation type")
+
+ if (shouldAllowEveryoneIfNoAclIsFound && !denyAllResource(requestContext,
op, resourceType)) {
Review comment:
right. Just as what AclAuthorizer does. commit
18c5c04ad4d8c98dc3cdaa6d15bf70b9991a6b88
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
