kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zac Harvey <zac.har...@welltok.com>
Subject Re: Writing a customized principal builder for authorization
Date Wed, 30 Nov 2016 18:15:22 GMT
How do you then modify Kafka's searchable classpath to pick up this new principal.builder.class
classfile from a JAR somewhere on the filesystem?


In other words, I change my server.properties to:


principal.builder.class=com.example.kafkautils.MyCustomKafkaPrincipalBuilder


How will Kafka be able to find that at startup?

________________________________
From: Mayuresh Gharat <gharatmayuresh15@gmail.com>
Sent: Wednesday, November 30, 2016 12:51:14 PM
To: users@kafka.apache.org
Subject: Re: Writing a customized principal builder for authorization

"principal.builder.class" is the name of the property.

Thanks,

Mayuresh

On Wed, Nov 30, 2016 at 9:30 AM, <gharatmayuresh15@gmail.com> wrote:

> Hi Kriti,
>
> You will have to implement the Principal Builder interface and provide the
> full class path in broker config. I don't remember the exact config name
> right now, but you can search for some config by name
> "principalbuilder.class" in the broker configs.
>
> Once you do this, Kafka will automatically use your custom
> PrincipalBuilder class for generating the principal.
>
> The buildPrincipal() function in the PrincipalBuilder is where you will
> have to create the your custom Principal class object ( This custom
> principal class should implement Java principal interface) and this custom
> principal.getname() can return whatever name you want.
>
> Let me know if this helps.
>
> Thanks,
>
> Mayuresh
>
>
>
> Sent from my iPhone
>
> > On Nov 29, 2016, at 11:40 PM, Kiriti Sai <kiriti163.iitm@gmail.com>
> wrote:
> >
> > Hi,
> > Can anyone help me or point me to any resources that can be of help for
> > writing a customized principal builder to use in Authorization using
> ACLs?
> > I've enabled SSL authentication scheme for both clients and brokers but I
> > would like to change the principal name to just the original name and
> > Organizational unit instead of the complete defiant principal name for
> SSL.
> >
> > Thanka in advance for the help.
>



--
-Regards,
Mayuresh R. Gharat
(862) 250-7125

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message