Package org.apache.kafka.common.security.auth

Class KafkaPrincipal

java.lang.Object

org.apache.kafka.common.security.auth.KafkaPrincipal

All Implemented Interfaces:

Principal

public class KafkaPrincipal
extends Object
implements Principal

Principals in Kafka are defined by a type and a name. The principal type will always be "User" for the simple authorizer that is enabled by default, but custom authorizers can leverage different principal types (such as to enable group or role-based ACLs). The KafkaPrincipalBuilder interface is used when you need to derive a different principal type from the authentication context, or when you need to represent relations between different principals. For example, you could extend KafkaPrincipal in order to link a user principal to one or more role principals.

For custom extensions of KafkaPrincipal, there two key points to keep in mind:

1. To be compatible with the ACL APIs provided by Kafka (including the command line tool), each ACL can only represent a permission granted to a single principal (consisting of a principal type and name). It is possible to use richer ACL semantics, but you must implement your own mechanisms for adding and removing ACLs.
2. In general, KafkaPrincipal extensions are only useful when the corresponding Authorizer is also aware of the extension. If you have a KafkaPrincipalBuilder which derives user groups from the authentication context (e.g. from an SSL client certificate), then you need a custom authorizer which is capable of using the additional group information.

Field Summary

Fields

Modifier and Type	Field	Description
static KafkaPrincipal	ANONYMOUS
static String	USER_TYPE

Constructor Summary

Constructors

Constructor	Description
KafkaPrincipal(String principalType, String name)
KafkaPrincipal(String principalType, String name, boolean tokenAuthenticated)

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
static KafkaPrincipal	fromString(String str)	Deprecated. As of 1.0.0.
String	getName()
String	getPrincipalType()
int	hashCode()
boolean	tokenAuthenticated()
void	tokenAuthenticated(boolean tokenAuthenticated)
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Field Detail

USER_TYPE

public static final String USER_TYPE

See Also:

Constant Field Values

ANONYMOUS

public static final KafkaPrincipal ANONYMOUS

Constructor Detail

KafkaPrincipal

public KafkaPrincipal(String principalType,
                      String name)

KafkaPrincipal

public KafkaPrincipal(String principalType,
                      String name,
                      boolean tokenAuthenticated)

Method Detail

fromString

@Deprecated
public static KafkaPrincipal fromString(String str)

Deprecated.

As of 1.0.0. This method will be removed in a future major release.

Parse a KafkaPrincipal instance from a string. This method cannot be used for KafkaPrincipal extensions.

Parameters:

str - The input string formatted as "{principalType}:{principalName}"

Returns:

The parsed KafkaPrincipal instance

toString

public String toString()

Specified by:

toString in interface Principal

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Specified by:

equals in interface Principal

Overrides:

equals in class Object

hashCode

public int hashCode()

Specified by:

hashCode in interface Principal

Overrides:

hashCode in class Object

getName

public String getName()

Specified by:

getName in interface Principal

getPrincipalType

public String getPrincipalType()

tokenAuthenticated

public void tokenAuthenticated(boolean tokenAuthenticated)

tokenAuthenticated

public boolean tokenAuthenticated()