Class ConfluentPrincipal
java.lang.Object
org.apache.kafka.common.security.auth.KafkaPrincipal
org.apache.kafka.common.security.auth.ConfluentPrincipal
- All Implemented Interfaces:
Principal
ConfluentPrincipal extends KafkaPrincipal to provide extra utility for principals.
-
authorizationIds
Stores in one list all the authorization ids that contribute to authorization. Currently, this list contains may_act.principals + integerId in the case of the Confluent token in Confluent Cloud; for any other mechanism, it contains the name returned by KafkaPrincipal.getName().
-
groups
This is specific to Confluent Platform. As part of OAuth support in Confluent Platform, groups can be obtained from the OAuth token, and these group principals are also used in the final authorization.
-
identityMetadata
This is specific to Confluent Cloud. It is used in the audit log in case of OAuth authentication.
-
authorizationIds and groups can't be mixed as of now.
-
Field Summary
Fields
GROUP_TYPE
Fields inherited from class org.apache.kafka.common.security.auth.KafkaPrincipal
ANONYMOUS, USER_TYPE
-
Constructor Summary
Constructors
ConfluentPrincipal(String principalType, String name, String authenticationId)
ConfluentPrincipal(String principalType, String name, String authenticationId, boolean delegationTokenAuthenticated)
ConfluentPrincipal(String principalType, String name, String authenticationId, Optional<String> networkId, boolean delegationTokenAuthenticated, Set<String> groups)
ConfluentPrincipal(String principalType, String name, String authenticationId, Optional<String> networkId, boolean delegationTokenAuthenticated, Set<String> groups, List<String> authorizationIds, IdentityMetadata identityMetadata)
authorizationIds: Contains list of ids used in authorization.
-
Method Summary
Modifier and Type, Method and Description:
authenticationId: Returns the public credential (e.g. user name) if available.
authorizationIds: Returns the list of ids which will be used to authorize the request.
boolean equals
getGroups: Returns the principal groups if provided during authentication.
int hashCode()
identityMetadata
maybeGetIdentityMetadata
networkId: Returns the networkId if available, where the authentication request originated from.
Methods inherited from class org.apache.kafka.common.security.auth.KafkaPrincipal
getName, getPrincipalType, tokenAuthenticated, tokenAuthenticated, toString
-
Field Details
-
GROUP_TYPE
-
Constructor Details
-
ConfluentPrincipal
-
ConfluentPrincipal
-
ConfluentPrincipal
-
ConfluentPrincipal
public ConfluentPrincipal(String principalType, String name, String authenticationId, Optional<String> networkId, boolean delegationTokenAuthenticated, Set<String> groups, List<String> authorizationIds, IdentityMetadata identityMetadata)
authorizationIds: Contains the list of ids used in authorization. Authorization is decided by the following rule:
- If any id in the list has deny permission, the result is denied.
- Else, if any id has allow permission, the result is allowed.
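The deny-before-allow rule stated for authorizationIds, shown as an added example that is not Confluent's code and does not use the ConfluentPrincipal class. The `authorize` method, the `Permission` and `Result` enums, the bindings map and the sample ids are hypothetical, and denying when no id has a binding is an assumption, since the page does not state that outcome.

```java
import java.util.List;
import java.util.Map;

public class AuthorizationIdsRuleExample {
    enum Permission { ALLOW, DENY }
    enum Result { ALLOWED, DENIED }

    // Hypothetical lookup: authorization id -> permission bound to it for one
    // resource and operation. A real authorizer would consult its ACL store.
    static Result authorize(List<String> authorizationIds, Map<String, Permission> bindings) {
        boolean anyAllow = false;
        for (String id : authorizationIds) {
            Permission p = bindings.get(id);
            if (p == Permission.DENY) {
                // Any deny wins, wherever the id sits in the list.
                return Result.DENIED;
            }
            if (p == Permission.ALLOW) {
                // Remember the allow, but keep scanning for a deny.
                anyAllow = true;
            }
        }
        // Assumption: no binding for any id is treated as denied.
        return anyAllow ? Result.ALLOWED : Result.DENIED;
    }

    public static void main(String[] args) {
        // Constructed sample ids standing in for may_act.principals + integerId.
        List<String> ids = List.of("pool-a", "pool-b", "1001");

        // One id is allowed and none is denied.
        Map<String, Permission> allowOnly = Map.of("pool-a", Permission.ALLOW);
        // The first id is allowed, but the last id in the list is denied.
        Map<String, Permission> allowAndDeny =
                Map.of("pool-a", Permission.ALLOW, "1001", Permission.DENY);
        // Only an id that is not in the list has a binding.
        Map<String, Permission> unrelated = Map.of("someone-else", Permission.ALLOW);

        System.out.println("allow only:     " + authorize(ids, allowOnly));
        System.out.println("allow and deny: " + authorize(ids, allowAndDeny));
        System.out.println("no match:       " + authorize(ids, unrelated));
    }
}
```

Because every id in the list is evaluated, a deny bound to any one of them blocks the request even when another id in the same list is explicitly allowed.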
-
-
Method Details
-
identityMetadata
-
maybeGetIdentityMetadata
-
authenticationId
Returns the public credential (e.g. user name) if available. If not configured, the principal name is returned.
-
networkId
Returns the networkId if available, where the authentication request originated from.
-
authorizationIds
Returns the list of ids which will be used to authorize the request.
-
getGroups
Returns the principal groups if provided during authentication.
-
equals
- Specified by: equals in interface Principal
- Overrides: equals in class KafkaPrincipal
-
hashCode
public int hashCode()
- Specified by: hashCode in interface Principal
- Overrides: hashCode in class KafkaPrincipal
-