public interface Authorizer extends org.apache.kafka.common.Configurable, Closeable
Modifier and Type | Method and Description |
---|---|
`default List<AuthorizeResult>` | `authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, List<Action> actions)` Performs authorization for each of the provided `actions` and returns the result of each authorization. |
`default List<AuthorizeResult>` | `authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions)` |
`default List<AuthorizeResult>` | `authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions, boolean omitClientAddress)` |
`List<AuthorizeResult>` | `authorize(RequestContext requestContext, List<Action> actions)` Performs authorization for each of the provided `actions` and returns the result of each authorization. |

`default List<AuthorizeResult> authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, List<Action> actions)`

`sessionPrincipal` - Authenticated principal of the client being authorized. For an embedded authorizer used in brokers, this must be the session principal created by `KafkaPrincipalBuilder`. For remote authorization, e.g. using Metadata Service, this is a `KafkaPrincipal` instance that represents the principal of the remote client being authorized.

`host` - The host IP of the client performing the actions being authorized. This may be null if host-based access control is not enabled.

`actions` - List of actions being authorized, including the resource and operation for each action.

`default List<AuthorizeResult> authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions, boolean omitClientAddress)`

`requestId` - Request id of the authorization event to be included in audit logs.

`omitClientAddress` - Boolean value of whether we should omit the client address from the audit logs. Set to true if host is not the client address and is instead some internal address.

`default List<AuthorizeResult> authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions)`

`requestId` - Request id of the authorization event to be included in audit logs.

`List<AuthorizeResult> authorize(RequestContext requestContext, List<Action> actions)`

`requestContext` - Request context including principal and additional context for auditing.

`actions` - List of actions being authorized including the resource and operation for each action.