[ https://issues.apache.org/jira/browse/KAFKA-6532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram resolved KAFKA-6532.
-----------------------------------
       Resolution: Fixed
    Fix Version/s: 1.1.0

> Delegation token internals should not impact public interfaces
> --------------------------------------------------------------
>
>                 Key: KAFKA-6532
>                 URL: https://issues.apache.org/jira/browse/KAFKA-6532
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 1.1.0
>
>
> We need to make sure that code related to the internal delegation token
> implementation doesn't have any impact on public interfaces, including
> customizable callback handlers from KIP-86.
>  1. KafkaPrincipal has a public _tokenAuthenticated()_ method. Principal
> builders are configurable and we now expect custom principal builders to set
> this value. Since we allow the same endpoint to be used for basic SCRAM and
> delegation tokens, the configured principal builder needs a way of detecting
> token authentication. The default principal builder does this using internal
> SCRAM implementation code. It would be better if configurable principal
> builders didn't have to set this flag at all.
>  2. It will be better to replace
> _o.a.k.c.security.scram.DelegationTokenAuthenticationCallback_ with a more
> generic _ScramExtensionsCallback_. This will allow us to add more extensions
> in future and it will also enable custom SCRAM extensions.
>  3. _ScramCredentialCallback_ was extended to add _tokenOwner_ and mechanism.
> The mechanism is determined during the SASL handshake and shouldn't be configurable
> in a callback handler. _ScramCredentialCallback_ is being made a public
> interface in KIP-86 with configurable callback handlers. Since the delegation
> token implementation is internal and not extensible, _tokenOwner_ should be
> in a delegation-token-specific callback.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
