Class AccessRule
java.lang.Object
io.confluent.security.authorizer.AccessRule
- All Implemented Interfaces:
AuthorizePolicy
- Direct Known Subclasses:
AclAccessRule
Encapsulates an access rule which may be derived from an ACL or RBAC policy.
Operations and resource types are extensible to enable this to be used for
authorization in different components.
-
Nested Class Summary
Nested classes/interfaces inherited from interface io.confluent.security.authorizer.AuthorizePolicy
AuthorizePolicy.BrokerUser, AuthorizePolicy.NoMatchingRule, AuthorizePolicy.PolicyType, AuthorizePolicy.SuperUser -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringstatic final org.apache.kafka.common.security.auth.KafkaPrincipalstatic final org.apache.kafka.common.security.auth.KafkaPrincipalFields inherited from interface io.confluent.security.authorizer.AuthorizePolicy
ALLOW_ON_NO_RULE, DENY_ON_NO_RULE, NO_MATCHING_RULE -
Constructor Summary
ConstructorsConstructorDescriptionAccessRule(ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.roledefinitions.PermissionType permissionType, String host, io.confluent.security.roledefinitions.Operation operation, AuthorizePolicy.PolicyType policyType) AccessRule(ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.roledefinitions.PermissionType permissionType, String host, io.confluent.security.roledefinitions.Operation operation, AuthorizePolicy.PolicyType policyType, Collection<org.apache.kafka.common.Uuid> clusterLinkIds) -
Method Summary
Modifier and TypeMethodDescriptionstatic org.apache.kafka.common.security.auth.KafkaPrincipalasBaseKafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal principal) Collection<org.apache.kafka.common.Uuid> booleaninthashCode()host()booleanmatches(String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType) static booleanmatches(String ruleHost, io.confluent.security.roledefinitions.Operation ruleOperation, io.confluent.security.roledefinitions.PermissionType rulePermissionType, String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType) booleanmatches(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType) static booleanmatches(org.apache.kafka.common.security.auth.KafkaPrincipal rulePrincipal, String ruleHost, io.confluent.security.roledefinitions.Operation ruleOperation, io.confluent.security.roledefinitions.PermissionType rulePermissionType, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType) static Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal, Collection<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, org.apache.kafka.common.security.auth.KafkaPrincipal wildcardUserPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal wildcardGroupPrincipal) io.confluent.security.roledefinitions.Operationio.confluent.security.roledefinitions.PermissionTypeorg.apache.kafka.common.security.auth.KafkaPrincipaltoString()
-
Field Details
-
ALL_HOSTS
- See Also:
-
WILDCARD_USER_PRINCIPAL
public static final org.apache.kafka.common.security.auth.KafkaPrincipal WILDCARD_USER_PRINCIPAL -
GROUP_PRINCIPAL_TYPE
- See Also:
-
WILDCARD_GROUP_PRINCIPAL
public static final org.apache.kafka.common.security.auth.KafkaPrincipal WILDCARD_GROUP_PRINCIPAL
-
-
Constructor Details
-
AccessRule
public AccessRule(ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.roledefinitions.PermissionType permissionType, String host, io.confluent.security.roledefinitions.Operation operation, AuthorizePolicy.PolicyType policyType) -
AccessRule
public AccessRule(ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.roledefinitions.PermissionType permissionType, String host, io.confluent.security.roledefinitions.Operation operation, AuthorizePolicy.PolicyType policyType, Collection<org.apache.kafka.common.Uuid> clusterLinkIds)
-
-
Method Details
-
resourcePattern
-
principal
public org.apache.kafka.common.security.auth.KafkaPrincipal principal() -
permissionType
public io.confluent.security.roledefinitions.PermissionType permissionType() -
host
-
operation
public io.confluent.security.roledefinitions.Operation operation() -
policyType
- Specified by:
policyTypein interfaceAuthorizePolicy
-
clusterLinkIds
-
matches
-
matches
public boolean matches(String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType) -
equals
-
hashCode
-
toString
-
matchingPrincipals
public static Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal, Collection<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, org.apache.kafka.common.security.auth.KafkaPrincipal wildcardUserPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal wildcardGroupPrincipal) -
asBaseKafkaPrincipal
public static org.apache.kafka.common.security.auth.KafkaPrincipal asBaseKafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal principal) -
matches
public static boolean matches(org.apache.kafka.common.security.auth.KafkaPrincipal rulePrincipal, String ruleHost, io.confluent.security.roledefinitions.Operation ruleOperation, io.confluent.security.roledefinitions.PermissionType rulePermissionType, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType) -
matches
public static boolean matches(String ruleHost, io.confluent.security.roledefinitions.Operation ruleOperation, io.confluent.security.roledefinitions.PermissionType rulePermissionType, String host, io.confluent.security.roledefinitions.Operation requestedOperation, io.confluent.security.roledefinitions.PermissionType permissionType)
-