Class EmbeddedAuthorizer

java.lang.Object

io.confluent.security.authorizer.EmbeddedAuthorizer

All Implemented Interfaces:

Authorizer, Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.server.authorizer.ProviderGetter

public class EmbeddedAuthorizer
extends Object
implements Authorizer, org.apache.kafka.server.authorizer.ProviderGetter

Cross-component embedded authorizer that implements common authorization logic. This authorizer loads configured providers and uses them to perform authorization.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	EmbeddedAuthorizer.AuthorizerMetrics

Constructor Summary

Constructors

Constructor	Description
EmbeddedAuthorizer()

Method Summary

Modifier and Type	Method	Description
AccessRuleProvider	accessRuleProvider(String providerName)
List<AccessRuleProvider>	accessRuleProviders()
org.apache.kafka.server.audit.AuditLogProvider	auditLogProvider()
List<AuthorizeResult>	authorize(RequestContext requestContext, List<Action> actions)	Performs authorization for each of the provided `actions` and returns the result of each authorization.
static void	clearAuthorizerProvidersMap()
void	close()
void	configure(Map<String,?> configs)
void	configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
Optional<org.apache.kafka.server.authorizer.Authorizer>	getRbacGroupProvider()
GroupProvider	groupProvider()
MetadataProvider	metadataProvider()
static void	removeFromAuthorizerProvidersMap(String sessionUuid)
CompletableFuture<Void>	start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo, Runnable initTask)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.confluent.security.authorizer.Authorizer

authorize, authorize, authorize

Constructor Details

EmbeddedAuthorizer

public EmbeddedAuthorizer()

Method Details

configure

public void configure(Map<String,?> configs)

Specified by:

configure in interface org.apache.kafka.common.Configurable

configureServerInfo

public void configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)

authorize

public List<AuthorizeResult> authorize(RequestContext requestContext,
 List<Action> actions)

Description copied from interface: Authorizer

Performs authorization for each of the provided `actions` and returns the result of each authorization.

Specified by:

authorize in interface Authorizer

Parameters:

requestContext - Request context including principal and additional context for auditing

actions - List of actions being authorized including the resource and operation for each action.

Returns:

List of authorization results, one for each of the provided actions, in the order they appear in `actions`.

groupProvider

public GroupProvider groupProvider()

accessRuleProvider

public AccessRuleProvider accessRuleProvider(String providerName)

metadataProvider

public MetadataProvider metadataProvider()

accessRuleProviders

public List<AccessRuleProvider> accessRuleProviders()

auditLogProvider

public org.apache.kafka.server.audit.AuditLogProvider auditLogProvider()

start

public CompletableFuture<Void> start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo,
 Runnable initTask)

close

public void close()

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable

removeFromAuthorizerProvidersMap

public static void removeFromAuthorizerProvidersMap(String sessionUuid)

getRbacGroupProvider

public Optional<org.apache.kafka.server.authorizer.Authorizer> getRbacGroupProvider()

Specified by:

getRbacGroupProvider in interface org.apache.kafka.server.authorizer.ProviderGetter

clearAuthorizerProvidersMap

public static void clearAuthorizerProvidersMap()