From: Zac Harvey
To: "users@kafka.apache.org"
Subject: Re: Writing a customized principal builder for authorization
Date: Wed, 30 Nov 2016 18:15:22 +0000

How do you then modify Kafka's searchable classpath to pick up this new principal.builder.class classfile from a JAR somewhere on the filesystem?

In other words, I change my server.properties to:

principal.builder.class=com.example.kafkautils.MyCustomKafkaPrincipalBuilder

How will Kafka be able to find that at startup?

________________________________
From: Mayuresh Gharat
Sent: Wednesday, November 30, 2016 12:51:14 PM
To: users@kafka.apache.org
Subject: Re: Writing a customized principal builder for authorization

"principal.builder.class" is the name of the property.

Thanks,

Mayuresh

On Wed, Nov 30, 2016 at 9:30 AM, wrote:

> Hi Kriti,
>
> You will have to implement the Principal Builder interface and provide the
> full class path in broker config. I don't remember the exact config name
> right now, but you can search for some config by name
> "principalbuilder.class" in the broker configs.
>
> Once you do this, Kafka will automatically use your custom
> PrincipalBuilder class for generating the principal.
>
> The buildPrincipal() function in the PrincipalBuilder is where you will
> have to create your custom Principal class object (this custom
> principal class should implement the Java Principal interface) and this custom
> principal.getName() can return whatever name you want.
>
> Let me know if this helps.
>
> Thanks,
>
> Mayuresh
>
> Sent from my iPhone
>
> > On Nov 29, 2016, at 11:40 PM, Kiriti Sai wrote:
> >
> > Hi,
> > Can anyone help me or point me to any resources that can be of help for
> > writing a customized principal builder to use in Authorization using
> > ACLs?
> > I've enabled SSL authentication scheme for both clients and brokers but I
> > would like to change the principal name to just the original name and
> > Organizational unit instead of the complete default principal name for
> > SSL.
> >
> > Thanks in advance for the help.
>

--
-Regards,
Mayuresh R. Gharat
(862) 250-7125
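
One way to write the builder discussed in this thread, as an added example that is not part of the original messages or Kafka's own code: it implements the PrincipalBuilder interface of the Kafka 0.10-era client library and reduces the SSL certificate DN to common name and organizational unit. The class name comes from the thread; the "CN/OU" output format, the nested ShortPrincipal class and the assumption that every listener uses SSL with client authentication are assumptions of this example.

```java
package com.example.kafkautils; // package and class name as used in the thread

import java.security.Principal;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.network.Authenticator;
import org.apache.kafka.common.network.TransportLayer;
import org.apache.kafka.common.security.auth.PrincipalBuilder;

public class MyCustomKafkaPrincipalBuilder implements PrincipalBuilder {

    /** Hypothetical principal type; ACLs match on the string getName() returns. */
    static final class ShortPrincipal implements Principal {
        private final String name;
        ShortPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    @Override public void configure(Map<String, ?> configs) { }

    @Override
    public Principal buildPrincipal(TransportLayer transportLayer, Authenticator authenticator) {
        try {
            // Assumption: SSL listener with client auth, so the peer name is the certificate subject DN.
            return new ShortPrincipal(shortName(transportLayer.peerPrincipal().getName()));
        } catch (Exception e) {
            // Fail closed: never fall back to a partial or empty name.
            throw new KafkaException("Failed to build principal", e);
        }
    }

    /** "CN=alice,OU=payments,O=Example,C=US" (constructed sample) becomes "alice/payments". */
    static String shortName(String dn) throws InvalidNameException {
        String cn = null, ou = null;
        for (Rdn rdn : new LdapName(dn).getRdns()) { // RFC 2253 parsing, copes with escaped commas
            if ("CN".equalsIgnoreCase(rdn.getType())) cn = String.valueOf(rdn.getValue());
            else if ("OU".equalsIgnoreCase(rdn.getType())) ou = String.valueOf(rdn.getValue());
        }
        if (cn == null || ou == null) throw new InvalidNameException("DN lacks CN or OU: " + dn);
        return cn + "/" + ou;
    }

    @Override public void close() { }
}
```

The compiled JAR has to be on the broker's classpath, for example in the distribution's libs/ directory, which kafka-run-class.sh adds to the classpath at startup. Because the shortened name drops the rest of the DN, the broker's truststore should contain only CAs whose CN and OU assignments you control.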