public class AclProvider
extends kafka.security.authorizer.AclAuthorizer
implements io.confluent.security.authorizer.provider.AccessRuleProvider
kafka.security.authorizer.AclAuthorizer.AclCacheTuple, kafka.security.authorizer.AclAuthorizer.AclCacheTuple$, kafka.security.authorizer.AclAuthorizer.AclChangedNotificationHandler$, kafka.security.authorizer.AclAuthorizer.AclSeqs, kafka.security.authorizer.AclAuthorizer.ResourceOrdering, kafka.security.authorizer.AclAuthorizer.VersionedAcls, kafka.security.authorizer.AclAuthorizer.VersionedAcls$
Constructor and Description |
---|
AclProvider() |
Modifier and Type | Method and Description |
---|---|
void |
addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules,
org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
String host,
io.confluent.security.authorizer.Operation operation,
io.confluent.security.authorizer.Scope resourceScope,
io.confluent.security.authorizer.ResourceType resourceType) |
List<org.apache.kafka.server.authorizer.AuthorizationResult> |
authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
List<org.apache.kafka.server.authorizer.Action> actions) |
io.confluent.security.authorizer.provider.AuthorizeRule |
findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
String host,
io.confluent.security.authorizer.Action action) |
boolean |
isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal,
io.confluent.security.authorizer.Scope scope) |
protected Set<org.apache.kafka.common.security.auth.KafkaPrincipal> |
matchingPrincipals(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals) |
boolean |
mayDeny() |
String |
providerName() |
Map<org.apache.kafka.common.Endpoint,CompletableFuture<Void>> |
start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo) |
CompletionStage<Void> |
start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo,
Map<String,?> interBrokerListenerConfigs) |
void |
updateCache(org.apache.kafka.common.resource.ResourcePattern resource,
kafka.security.authorizer.AclAuthorizer.VersionedAcls versionedAcls) |
protected org.apache.kafka.common.security.auth.KafkaPrincipal |
userPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal) |
boolean |
usesMetadataFromThisKafkaCluster() |
aclCachePairSnapshot, AclCacheTuple, AclChangedNotificationHandler, aclChangeNotificationExpirationMs_$eq, aclChangeNotificationExpirationMs, acls, AllowEveryoneIfNoAclIsFoundProp, authorizeByResourceType, authorizerLogger, close, configPrefix, configure, createAcls, createAcls, debug, debug, deleteAcls, deleteAcls, error, error, fatal, fatal, findMatchingAclForPrincipal, findMatchingAclFromCacheByPrincipals, hasAclForResource, info, info, isDebugEnabled, isSuperUser, isTraceEnabled, logAuditMessage, logger, loggerName, logIdent_$eq, logIdent, matchingAcls, maxUpdateRetries_$eq, maxUpdateRetries, msgWithLogIdent, NoAcls, processAclChangeNotification, registerAclUpdateListener, startZkChangeListeners, SuperUsersProp, trace, trace, validateAclCaches, warn, warn, WildcardHost, ZkConnectionTimeOutProp, ZkMaxInFlightRequests, ZkSessionTimeOutProp, ZkUrlProp
public String providerName()
providerName
in interface io.confluent.security.authorizer.provider.Provider
public boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
isSuperUser
in interface io.confluent.security.authorizer.provider.AccessRuleProvider
public boolean mayDeny()
mayDeny
in interface io.confluent.security.authorizer.provider.AccessRuleProvider
public boolean usesMetadataFromThisKafkaCluster()
usesMetadataFromThisKafkaCluster
in interface io.confluent.security.authorizer.provider.Provider
public io.confluent.security.authorizer.provider.AuthorizeRule findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Action action)
findRule
in interface io.confluent.security.authorizer.provider.AccessRuleProvider
public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.Scope resourceScope, io.confluent.security.authorizer.ResourceType resourceType)
addMatchingRules
in interface io.confluent.security.authorizer.provider.AccessRuleProvider
protected Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals)
public CompletionStage<Void> start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo, Map<String,?> interBrokerListenerConfigs)
start
in interface io.confluent.security.authorizer.provider.Provider
public Map<org.apache.kafka.common.Endpoint,CompletableFuture<Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
start
in interface org.apache.kafka.server.authorizer.Authorizer
start
in class kafka.security.authorizer.AclAuthorizer
public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
authorize
in interface org.apache.kafka.server.authorizer.Authorizer
authorize
in class kafka.security.authorizer.AclAuthorizer
protected org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal)
public void updateCache(org.apache.kafka.common.resource.ResourcePattern resource, kafka.security.authorizer.AclAuthorizer.VersionedAcls versionedAcls)
updateCache
in class kafka.security.authorizer.AclAuthorizer