org.apache.kafka.common.security.auth.KafkaPrincipal

All Implemented Interfaces:: Principal

public class KafkaPrincipal extends Object implements Principal

Principals in Kafka are defined by a type and a name. The principal type will always be "User" for the simple authorizer that is enabled by default, but custom authorizers can leverage different principal types (such as to enable group or role-based ACLs). The KafkaPrincipalBuilder interface is used when you need to derive a different principal type from the authentication context, or when you need to represent relations between different principals. For example, you could extend KafkaPrincipal in order to link a user principal to one or more role principals.

For custom extensions of KafkaPrincipal, there two key points to keep in mind:

To be compatible with the ACL APIs provided by Kafka (including the command line tool), each ACL can only represent a permission granted to a single principal (consisting of a principal type and name). It is possible to use richer ACL semantics, but you must implement your own mechanisms for adding and removing ACLs.
In general, KafkaPrincipal extensions are only useful when the corresponding Authorizer is also aware of the extension. If you have a KafkaPrincipalBuilder which derives user groups from the authentication context (e.g. from an SSL client certificate), then you need a custom authorizer which is capable of using the additional group information.

Field Summary

Fields

Modifier and Type

Field

Description

static final KafkaPrincipal

ANONYMOUS

static final String

USER_TYPE
Constructor Summary

Constructors

Constructor

Description

KafkaPrincipal(String principalType, String name)

KafkaPrincipal(String principalType, String name, boolean tokenAuthenticated)
Method Summary

Modifier and Type

Method

Description

boolean

equals(Object o)

String

getName()

String

getPrincipalType()

int

hashCode()

boolean

tokenAuthenticated()

void

tokenAuthenticated(boolean tokenAuthenticated)

String

toString()

Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal
implies

Field Details
- USER_TYPE
  
  public static final String USER_TYPE
  See Also:
  
  Constant Field Values
- ANONYMOUS
  
  public static final KafkaPrincipal ANONYMOUS
Constructor Details
- KafkaPrincipal
  
  public KafkaPrincipal(String principalType, String name)
- KafkaPrincipal
  
  public KafkaPrincipal(String principalType, String name, boolean tokenAuthenticated)
Method Details
- toString
  
  public String toString()
  
  Specified by:
  
  toString in interface Principal
  
  Overrides:
  
  toString in class Object
- equals
  
  public boolean equals(Object o)
  
  Specified by:
  
  equals in interface Principal
  
  Overrides:
  
  equals in class Object
- hashCode
  
  public int hashCode()
  
  Specified by:
  
  hashCode in interface Principal
  
  Overrides:
  
  hashCode in class Object
- getName
  
  public String getName()
  
  Specified by:
  
  getName in interface Principal
- getPrincipalType
  
  public String getPrincipalType()
- tokenAuthenticated
  
  public void tokenAuthenticated(boolean tokenAuthenticated)
- tokenAuthenticated
  
  public boolean tokenAuthenticated()

Class KafkaPrincipal

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface java.security.Principal

Field Details

USER_TYPE

ANONYMOUS

Constructor Details

KafkaPrincipal

KafkaPrincipal

Method Details

toString

equals

hashCode

getName

getPrincipalType

tokenAuthenticated

tokenAuthenticated