Package io.confluent.security.authorizer

Interface Authorizer

All Superinterfaces:
AutoCloseable, Closeable, org.apache.kafka.common.Configurable
All Known Implementing Classes:
EmbeddedAuthorizer
public interface Authorizer extends org.apache.kafka.common.Configurable, Closeable
Cross-component authorizer API.

  • Method Summary

    Modifier and Type
    Method
    Description
    List<AuthorizeResult>
    authorize(RequestContext requestContext, List<Action> actions)
    Performs authorization for each of the provided `actions` and returns the result of each authorization.
    default List<AuthorizeResult>
    authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions)
     
    default List<AuthorizeResult>
    authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions, boolean omitClientAddress)
     
    default List<AuthorizeResult>
    authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, List<Action> actions)
    Performs authorization for each of the provided `actions` and returns the result of each authorization.

    Methods inherited from interface java.io.Closeable

    close

    Methods inherited from interface org.apache.kafka.common.Configurable

    configure

  • Method Details

    • authorize

      default List<AuthorizeResult> authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, List<Action> actions)
      Performs authorization for each of the provided `actions` and returns the result of each authorization.
      Parameters:
      sessionPrincipal - Authenticated principal of the client being authorized. For embedded authorizer used in brokers, this must be the session principal created by KafkaPrincipalBuilder. For remote authorization, e.g using Metadata Service, this is a KafkaPrincipal instance that represents the principal of the remote client being authorized.
      host - The host IP of the client performing the actions being authorized. This may be null if host-based access control is not enabled.
      actions - List of actions being authorized including the resource and operation for each action.
      Returns:
      List of authorization results, one for each of the provided actions, in the order they appear in `actions`.

    • authorize

      default List<AuthorizeResult> authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions, boolean omitClientAddress)
      Parameters:
      requestId - Request id of the authorization event to be included in audit logs
      omitClientAddress - Boolean value of whether we should omit the client address from the audit logs. Set to true if host is not the client address and is instead some internal address.

    • authorize

      default List<AuthorizeResult> authorize(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, String host, String requestId, List<Action> actions)
      Parameters:
      requestId - Request id of the authorization event to be included in audit logs

    • authorize

      List<AuthorizeResult> authorize(RequestContext requestContext, List<Action> actions)
      Performs authorization for each of the provided `actions` and returns the result of each authorization.
      Parameters:
      requestContext - Request context including principal and additional context for auditing
      actions - List of actions being authorized including the resource and operation for each action.
      Returns:
      List of authorization results, one for each of the provided actions, in the order they appear in `actions`.