Package org.apache.kafka.common.security.auth

Class KafkaPrincipal

  • All Implemented Interfaces:
    java.security.Principal
    public class KafkaPrincipal
extends java.lang.Object
implements java.security.Principal

    Principals in Kafka are defined by a type and a name. The principal type will always be "User" for the simple authorizer that is enabled by default, but custom authorizers can leverage different principal types (such as to enable group or role-based ACLs). The KafkaPrincipalBuilder interface is used when you need to derive a different principal type from the authentication context, or when you need to represent relations between different principals. For example, you could extend KafkaPrincipal in order to link a user principal to one or more role principals.

    For custom extensions of KafkaPrincipal, there two key points to keep in mind:

    1. To be compatible with the ACL APIs provided by Kafka (including the command line tool), each ACL can only represent a permission granted to a single principal (consisting of a principal type and name). It is possible to use richer ACL semantics, but you must implement your own mechanisms for adding and removing ACLs.
    2. In general, KafkaPrincipal extensions are only useful when the corresponding Authorizer is also aware of the extension. If you have a KafkaPrincipalBuilder which derives user groups from the authentication context (e.g. from an SSL client certificate), then you need a custom authorizer which is capable of using the additional group information.

    • Constructor Detail

      • KafkaPrincipal

        public KafkaPrincipal​(java.lang.String principalType,
                      java.lang.String name)

    • Method Detail

      • fromString

        @Deprecated
public static KafkaPrincipal fromString​(java.lang.String str)
        Deprecated.
        As of 1.0.0. This method will be removed in a future major release.
        Parse a KafkaPrincipal instance from a string. This method cannot be used for KafkaPrincipal extensions.
        Parameters:
        str - The input string formatted as "{principalType}:{principalName}"
        Returns:
        The parsed KafkaPrincipal instance

      • toString

        public java.lang.String toString()
        Specified by:
        toString in interface java.security.Principal
        Overrides:
        toString in class java.lang.Object

      • equals

        public boolean equals​(java.lang.Object o)
        Specified by:
        equals in interface java.security.Principal
        Overrides:
        equals in class java.lang.Object

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface java.security.Principal
        Overrides:
        hashCode in class java.lang.Object

      • getName

        public java.lang.String getName()
        Specified by:
        getName in interface java.security.Principal

      • getPrincipalType

        public java.lang.String getPrincipalType()

      • tokenAuthenticated

        public void tokenAuthenticated​(boolean tokenAuthenticated)

      • tokenAuthenticated

        public boolean tokenAuthenticated()