Class KafkaPrincipal
- java.lang.Object
-
- org.apache.kafka.common.security.auth.KafkaPrincipal
-
- All Implemented Interfaces:
java.security.Principal
public class KafkaPrincipal extends java.lang.Object implements java.security.Principal
Principals in Kafka are defined by a type and a name. The principal type will always be
"User"
for the simple authorizer that is enabled by default, but custom authorizers can leverage different principal types (such as to enable group or role-based ACLs). TheKafkaPrincipalBuilder
interface is used when you need to derive a different principal type from the authentication context, or when you need to represent relations between different principals. For example, you could extendKafkaPrincipal
in order to link a user principal to one or more role principals.For custom extensions of
KafkaPrincipal
, there two key points to keep in mind:- To be compatible with the ACL APIs provided by Kafka (including the command line tool), each ACL can only represent a permission granted to a single principal (consisting of a principal type and name). It is possible to use richer ACL semantics, but you must implement your own mechanisms for adding and removing ACLs.
- In general,
KafkaPrincipal
extensions are only useful when the corresponding Authorizer is also aware of the extension. If you have aKafkaPrincipalBuilder
which derives user groups from the authentication context (e.g. from an SSL client certificate), then you need a custom authorizer which is capable of using the additional group information.
-
-
Field Summary
Fields Modifier and Type Field Description static KafkaPrincipal
ANONYMOUS
static java.lang.String
USER_TYPE
-
Constructor Summary
Constructors Constructor Description KafkaPrincipal(java.lang.String principalType, java.lang.String name)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description boolean
equals(java.lang.Object o)
static KafkaPrincipal
fromString(java.lang.String str)
Deprecated.As of 1.0.0.java.lang.String
getName()
java.lang.String
getPrincipalType()
int
hashCode()
boolean
tokenAuthenticated()
void
tokenAuthenticated(boolean tokenAuthenticated)
java.lang.String
toString()
-
-
-
Field Detail
-
USER_TYPE
public static final java.lang.String USER_TYPE
- See Also:
- Constant Field Values
-
ANONYMOUS
public static final KafkaPrincipal ANONYMOUS
-
-
Method Detail
-
fromString
@Deprecated public static KafkaPrincipal fromString(java.lang.String str)
Deprecated.As of 1.0.0. This method will be removed in a future major release.Parse aKafkaPrincipal
instance from a string. This method cannot be used forKafkaPrincipal
extensions.- Parameters:
str
- The input string formatted as "{principalType}:{principalName}"- Returns:
- The parsed
KafkaPrincipal
instance
-
toString
public java.lang.String toString()
- Specified by:
toString
in interfacejava.security.Principal
- Overrides:
toString
in classjava.lang.Object
-
equals
public boolean equals(java.lang.Object o)
- Specified by:
equals
in interfacejava.security.Principal
- Overrides:
equals
in classjava.lang.Object
-
hashCode
public int hashCode()
- Specified by:
hashCode
in interfacejava.security.Principal
- Overrides:
hashCode
in classjava.lang.Object
-
getName
public java.lang.String getName()
- Specified by:
getName
in interfacejava.security.Principal
-
getPrincipalType
public java.lang.String getPrincipalType()
-
tokenAuthenticated
public void tokenAuthenticated(boolean tokenAuthenticated)
-
tokenAuthenticated
public boolean tokenAuthenticated()
-
-