Class OAuthKafkaPrincipalBuilder

java.lang.Object
io.confluent.kafka.security.authenticator.OAuthKafkaPrincipalBuilder
All Implemented Interfaces:
org.apache.kafka.common.Configurable, org.apache.kafka.common.security.auth.KafkaPrincipalBuilder, org.apache.kafka.common.security.auth.KafkaPrincipalSerde

public class OAuthKafkaPrincipalBuilder extends Object implements org.apache.kafka.common.security.auth.KafkaPrincipalBuilder, org.apache.kafka.common.security.auth.KafkaPrincipalSerde, org.apache.kafka.common.Configurable
This class builds a KafkaPrincipal with support for SASL/OAUTHBEARER authentication. SSL and SASL/GSSAPI authentication are handled by DefaultKafkaPrincipalBuilder, which is used as a delegate.

In the case of mTLS, additional security is ensured by verifying that the following identities match:

1. The identity of the client's SSL certificate, e.g., the REST Proxy's certificate.
2. The identity that asked for the impersonation token. This is a claim in the token.

This check helps prevent unauthorized access if the impersonation token is obtained by another party.
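A sketch of the identity-matching check described above, added here as an illustration; it is not Confluent's implementation. The class and method names, the claim-name placeholder (the page does not show the constant's value) and the assumption that the claim carries an X.500 subject DN are all hypothetical.

```java
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class ImpersonationBindingCheck {
    // Placeholder: the page does not give the value of
    // CONFLUENT_IMPERSONATED_BY_CLAIM_NAME.
    static final String IMPERSONATED_BY_CLAIM = "<impersonated-by-claim>";

    /**
     * Returns true only when the token names the same identity that presented
     * the client certificate on the mTLS connection.
     * Assumption: the claim value is an X.500 subject DN string.
     */
    static boolean tokenBoundToMtlsPeer(X500Principal tlsPeer, Map<String, Object> claims) {
        if (tlsPeer == null) {
            return false; // no client certificate identity to bind against
        }
        Object claim = claims.get(IMPERSONATED_BY_CLAIM);
        if (!(claim instanceof String) || ((String) claim).isBlank()) {
            return false; // fail closed: claim missing, empty or not a string
        }
        try {
            // X500Principal.equals compares canonical forms, so differences in
            // case and spacing between the two DNs do not cause a mismatch.
            return tlsPeer.equals(new X500Principal((String) claim));
        } catch (IllegalArgumentException malformedDn) {
            return false; // fail closed: claim is not a parseable DN
        }
    }

    public static void main(String[] args) {
        // Constructed sample identities, not taken from any real deployment.
        X500Principal restProxy = new X500Principal("CN=rest-proxy,O=Example");
        Map<String, Object> sameIdentity =
                Map.of(IMPERSONATED_BY_CLAIM, "cn=rest-proxy, o=Example");
        Map<String, Object> otherRequester =
                Map.of(IMPERSONATED_BY_CLAIM, "CN=other-service,O=Example");

        System.out.println("same identity:   " + tokenBoundToMtlsPeer(restProxy, sameIdentity));
        System.out.println("other requester: " + tokenBoundToMtlsPeer(restProxy, otherRequester));
        System.out.println("claim missing:   " + tokenBoundToMtlsPeer(restProxy, Map.of()));
    }
}
```

Every failure path rejects the connection, so a token without the claim is treated the same as a token requested by a different identity.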

  • Field Details

    • CONFLUENT_IMPERSONATED_BY_CLAIM_NAME

      public static final String CONFLUENT_IMPERSONATED_BY_CLAIM_NAME
  • Constructor Details

    • OAuthKafkaPrincipalBuilder

      public OAuthKafkaPrincipalBuilder()
  • Method Details

    • configure

      public void configure(Map<String,?> configs)
      Specified by:
      configure in interface org.apache.kafka.common.Configurable
    • build

      public org.apache.kafka.common.security.auth.KafkaPrincipal build(org.apache.kafka.common.security.auth.AuthenticationContext context)
      Specified by:
      build in interface org.apache.kafka.common.security.auth.KafkaPrincipalBuilder
    • serialize

      public byte[] serialize(org.apache.kafka.common.security.auth.KafkaPrincipal principal) throws org.apache.kafka.common.errors.SerializationException
      Specified by:
      serialize in interface org.apache.kafka.common.security.auth.KafkaPrincipalSerde
      Throws:
      org.apache.kafka.common.errors.SerializationException
    • deserialize

      public org.apache.kafka.common.security.auth.KafkaPrincipal deserialize(byte[] bytes) throws org.apache.kafka.common.errors.SerializationException
      Specified by:
      deserialize in interface org.apache.kafka.common.security.auth.KafkaPrincipalSerde
      Throws:
      org.apache.kafka.common.errors.SerializationException