Class KafkaPrincipal
java.lang.Object
org.apache.kafka.common.security.auth.KafkaPrincipal
- All Implemented Interfaces:
Principal
Principals in Kafka are defined by a type and a name. The principal type will always be "User"
for the simple authorizer that is enabled by default, but custom authorizers can leverage different
principal types (such as to enable group or role-based ACLs). The KafkaPrincipalBuilder
interface
is used when you need to derive a different principal type from the authentication context, or when
you need to represent relations between different principals. For example, you could extend
KafkaPrincipal
in order to link a user principal to one or more role principals.
For custom extensions of KafkaPrincipal
, there two key points to keep in mind:
- To be compatible with the ACL APIs provided by Kafka (including the command line tool), each ACL can only represent a permission granted to a single principal (consisting of a principal type and name). It is possible to use richer ACL semantics, but you must implement your own mechanisms for adding and removing ACLs.
- In general,
KafkaPrincipal
extensions are only useful when the corresponding Authorizer is also aware of the extension. If you have aKafkaPrincipalBuilder
which derives user groups from the authentication context (e.g. from an SSL client certificate), then you need a custom authorizer which is capable of using the additional group information.
-
Field Summary
-
Constructor Summary
ConstructorDescriptionKafkaPrincipal
(String principalType, String name) KafkaPrincipal
(String principalType, String name, boolean tokenAuthenticated) -
Method Summary
Modifier and TypeMethodDescriptionboolean
getName()
int
hashCode()
boolean
void
tokenAuthenticated
(boolean tokenAuthenticated) toString()
-
Field Details
-
USER_TYPE
- See Also:
-
ANONYMOUS
-
-
Constructor Details
-
KafkaPrincipal
-
KafkaPrincipal
-
-
Method Details
-
toString
-
equals
-
hashCode
public int hashCode() -
getName
-
getPrincipalType
-
tokenAuthenticated
public void tokenAuthenticated(boolean tokenAuthenticated) -
tokenAuthenticated
public boolean tokenAuthenticated()
-