public class OAuthKafkaPrincipalBuilder extends Object implements org.apache.kafka.common.security.auth.KafkaPrincipalBuilder, org.apache.kafka.common.security.auth.KafkaPrincipalSerde, org.apache.kafka.common.Configurable
DefaultKafkaPrincipalBuilder, which is used as a delegate.
In case of mTLS, additional security is ensured by verifying following identities (ensuring they match): 1. The identity of the client's SSL certificate - e.g., rest proxy's certificate. 2. The identity that asked for the impersonation token - this is a claim in the token. This check helps prevent unauthorized access if the impersonation token is obtained by someone.
| Modifier and Type | Field and Description |
|---|---|
static String |
CONFLUENT_IMPERSONATED_BY_CLAIM_NAME |
| Constructor and Description |
|---|
OAuthKafkaPrincipalBuilder() |
| Modifier and Type | Method and Description |
|---|---|
org.apache.kafka.common.security.auth.KafkaPrincipal |
build(org.apache.kafka.common.security.auth.AuthenticationContext context) |
void |
configure(Map<String,?> configs) |
org.apache.kafka.common.security.auth.KafkaPrincipal |
deserialize(byte[] bytes) |
byte[] |
serialize(org.apache.kafka.common.security.auth.KafkaPrincipal principal) |
public static final String CONFLUENT_IMPERSONATED_BY_CLAIM_NAME
public void configure(Map<String,?> configs)
configure in interface org.apache.kafka.common.Configurablepublic org.apache.kafka.common.security.auth.KafkaPrincipal build(org.apache.kafka.common.security.auth.AuthenticationContext context)
build in interface org.apache.kafka.common.security.auth.KafkaPrincipalBuilderpublic byte[] serialize(org.apache.kafka.common.security.auth.KafkaPrincipal principal)
throws org.apache.kafka.common.errors.SerializationException
serialize in interface org.apache.kafka.common.security.auth.KafkaPrincipalSerdeorg.apache.kafka.common.errors.SerializationExceptionpublic org.apache.kafka.common.security.auth.KafkaPrincipal deserialize(byte[] bytes)
throws org.apache.kafka.common.errors.SerializationException
deserialize in interface org.apache.kafka.common.security.auth.KafkaPrincipalSerdeorg.apache.kafka.common.errors.SerializationException