Re: Review Request 27204: Patch for KAFKA-1683
> On April 24, 2015, 7:07 p.m., Gari Singh wrote:
> > 1) I think that Session should take a Subject rather than just a single Principal. The reason for this is because a Subject can have multiple Principals (for example both a username and a group or perhaps someone would want to use both the username and the clientIP as Principals)
> >
> > This is also more in line with JAAS as well and would fit better with authentication modules
> >
> > 2) We would then also have multiple concrete Principals, e.g.
> >
> > KafkaPrincipal
> > KafkaUserPrincipal
> > KafkaGroupPrincipal
> > (perhaps even KafkaKerberosPrincipal and KafkaClientAddressPrincipal)
> > etc
> >
> > This is important as eventually (hopefully sooner than later), we will support multiple types of authentication which may each want to populate the Subject with one or more Principals and perhaps even credentials (this could be used in the future to hold encryption keys or perhaps the raw info prior to authentication).

I am not sure how the Subject is valid here. Client holds its own Subject and server holds its own Subject. Once SASL auth is done you get the client's authorizer ID by calling saslServer.getAuthorizationID(); this will give you a String of the client's principal. Why would we associate a Subject rather than just a principal?

- Sriharsha

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27204/#review81522
---

On Oct. 26, 2014, 5:37 a.m., Gwen Shapira wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27204/
> ---
>
> (Updated Oct. 26, 2014, 5:37 a.m.)
>
> Review request for kafka.
>
> Bugs: KAFKA-1683
>     https://issues.apache.org/jira/browse/KAFKA-1683
>
> Repository: kafka
>
> Description
> ---
>
> added test for Session
>
> Diffs
> ---
>
>   core/src/main/scala/kafka/network/RequestChannel.scala 4560d8fb7dbfe723085665e6fd611c295e07b69b
>   core/src/main/scala/kafka/network/SocketServer.scala cee76b323e5f3e4c783749ac9e78e1ef02897e3b
>   core/src/test/scala/unit/kafka/network/SocketServerTest.scala 5f4d85254c384dcc27a5a84f0836ea225d3a901a
>
> Diff: https://reviews.apache.org/r/27204/diff/
>
> Testing
> ---
>
> Thanks,
>
> Gwen Shapira
Re: Review Request 27204: Patch for KAFKA-1683
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27204/#review81522
---

1) I think that Session should take a Subject rather than just a single Principal. The reason for this is because a Subject can have multiple Principals (for example both a username and a group or perhaps someone would want to use both the username and the clientIP as Principals)

This is also more in line with JAAS as well and would fit better with authentication modules

2) We would then also have multiple concrete Principals, e.g.

KafkaPrincipal
KafkaUserPrincipal
KafkaGroupPrincipal
(perhaps even KafkaKerberosPrincipal and KafkaClientAddressPrincipal)
etc

This is important as eventually (hopefully sooner than later), we will support multiple types of authentication which may each want to populate the Subject with one or more Principals and perhaps even credentials (this could be used in the future to hold encryption keys or perhaps the raw info prior to authentication).

- Gari Singh

On Oct. 26, 2014, 5:37 a.m., Gwen Shapira wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27204/
> ---
>
> (Updated Oct. 26, 2014, 5:37 a.m.)
>
> Review request for kafka.
>
> Bugs: KAFKA-1683
>     https://issues.apache.org/jira/browse/KAFKA-1683
>
> Repository: kafka
>
> Description
> ---
>
> added test for Session
>
> Diffs
> ---
>
>   core/src/main/scala/kafka/network/RequestChannel.scala 4560d8fb7dbfe723085665e6fd611c295e07b69b
>   core/src/main/scala/kafka/network/SocketServer.scala cee76b323e5f3e4c783749ac9e78e1ef02897e3b
>   core/src/test/scala/unit/kafka/network/SocketServerTest.scala 5f4d85254c384dcc27a5a84f0836ea225d3a901a
>
> Diff: https://reviews.apache.org/r/27204/diff/
>
> Testing
> ---
>
> Thanks,
>
> Gwen Shapira
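
The Subject-versus-single-Principal question from the two replies above, as an added example that is not part of the original thread or of the Kafka patch. The principal classes and the `Session` record are hypothetical (named after the proposal), and the user, group and address values are constructed.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

// Added illustration (requires Java 16+ for records); not Kafka code.
public class SubjectSessionExample {
    // Hypothetical typed principals. Records of different types are never
    // equal, so a user named "analytics" cannot match a group ACL entry.
    record KafkaUserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record KafkaGroupPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record KafkaClientAddressPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical Session carrying a whole Subject instead of one Principal.
    record Session(Subject subject) {
        // Allowed if any principal held by the Subject appears in the ACL.
        boolean isAllowed(Set<Principal> acl) {
            return subject.getPrincipals().stream().anyMatch(acl::contains);
        }
    }

    // Single-principal case: all the server has is the String returned by
    // SaslServer.getAuthorizationID(), wrapped as one user principal.
    static Session fromAuthorizationId(String authzId) {
        Subject s = new Subject();
        s.getPrincipals().add(new KafkaUserPrincipal(authzId));
        s.setReadOnly(); // freeze the principal set once authentication is done
        return new Session(s);
    }

    public static void main(String[] args) {
        Subject subject = new Subject(); // constructed sample identity
        subject.getPrincipals().add(new KafkaUserPrincipal("alice"));
        subject.getPrincipals().add(new KafkaGroupPrincipal("analytics"));
        subject.getPrincipals().add(new KafkaClientAddressPrincipal("10.0.0.7"));
        subject.setReadOnly();
        Session multi = new Session(subject);

        Set<Principal> groupAcl = Set.of(new KafkaGroupPrincipal("analytics"));
        Set<Principal> userAcl = Set.of(new KafkaUserPrincipal("analytics"));

        System.out.println(multi.isAllowed(groupAcl)); // ACL names alice's group
        System.out.println(multi.isAllowed(userAcl));  // same name, different principal type
        System.out.println(fromAuthorizationId("alice").isAllowed(groupAcl)); // no group principal present
    }
}
```
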
Review Request 27204: Patch for KAFKA-1683
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27204/
---

Review request for kafka.

Bugs: KAFKA-1683
    https://issues.apache.org/jira/browse/KAFKA-1683

Repository: kafka

Description
---

added test for Session

Diffs
---

  core/src/main/scala/kafka/network/RequestChannel.scala 4560d8fb7dbfe723085665e6fd611c295e07b69b
  core/src/main/scala/kafka/network/SocketServer.scala cee76b323e5f3e4c783749ac9e78e1ef02897e3b
  core/src/test/scala/unit/kafka/network/SocketServerTest.scala 5f4d85254c384dcc27a5a84f0836ea225d3a901a

Diff: https://reviews.apache.org/r/27204/diff/

Testing
---

Thanks,

Gwen Shapira