Example 1 with Action

use of org.apache.kafka.server.authorizer.Action in project kafka by apache.

the class AclAuthorizerBenchmark method setup.

@Setup(Level.Trial)
public void setup() throws Exception {
    prepareAclCache();
    prepareAclToUpdate();
    // By adding `-95` to the resource name prefix, we cause the `TreeMap.from/to` call to return
    // most map entries. In such cases, we rely on the filtering based on `String.startsWith`
    // to return the matching ACLs. Using a more efficient data structure (e.g. a prefix
    // tree) should improve performance significantly.
    actions = Collections.singletonList(new Action(AclOperation.WRITE,
        new ResourcePattern(ResourceType.TOPIC, resourceNamePrefix + 95, PatternType.LITERAL),
        1, true, true));
    authorizeContext = new RequestContext(
        new RequestHeader(ApiKeys.PRODUCE, Integer.valueOf(1).shortValue(), "someclient", 1),
        "1", InetAddress.getByName("127.0.0.1"), principal, ListenerName.normalised("listener"),
        SecurityProtocol.PLAINTEXT, ClientInformation.EMPTY, false);
    authorizeByResourceTypeContext = new RequestContext(
        new RequestHeader(ApiKeys.PRODUCE, Integer.valueOf(1).shortValue(), "someclient", 1),
        "1", InetAddress.getByName(authorizeByResourceTypeHostName), principal, ListenerName.normalised("listener"),
        SecurityProtocol.PLAINTEXT, ClientInformation.EMPTY, false);
}
Also used : Action(org.apache.kafka.server.authorizer.Action) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) RequestHeader(org.apache.kafka.common.requests.RequestHeader) RequestContext(org.apache.kafka.common.requests.RequestContext) Setup(org.openjdk.jmh.annotations.Setup)

Example 2 with Action

use of org.apache.kafka.server.authorizer.Action in project kafka by apache.

the class StandardAuthorizerTest method testHostAddressAclValidation.

@Test
public void testHostAddressAclValidation() throws Exception {
    InetAddress host1 = InetAddress.getByName("192.168.1.1");
    InetAddress host2 = InetAddress.getByName("192.168.1.2");
    StandardAuthorizer authorizer = new StandardAuthorizer();
    authorizer.configure(Collections.emptyMap());
    // ACLs under test: a host-specific DENY plus a wildcard-host ALLOW for alice on "foo",
    // a host-specific ALLOW for bob on "bar", and a DESCRIBE ALLOW for any user from the local host.
    List<StandardAcl> acls = Arrays.asList(
        new StandardAcl(TOPIC, "foo", LITERAL, "User:alice", host1.getHostAddress(), READ, DENY),
        new StandardAcl(TOPIC, "foo", LITERAL, "User:alice", "*", READ, ALLOW),
        new StandardAcl(TOPIC, "bar", LITERAL, "User:bob", host2.getHostAddress(), READ, ALLOW),
        new StandardAcl(TOPIC, "bar", LITERAL, "User:*", InetAddress.getLocalHost().getHostAddress(), DESCRIBE, ALLOW));
    acls.forEach(acl -> {
        StandardAclWithId aclWithId = withId(acl);
        authorizer.addAcl(aclWithId.id(), aclWithId.acl());
    });
    // Each result list is ordered as: READ foo, READ bar, DESCRIBE bar.
    List<Action> actions = Arrays.asList(newAction(READ, TOPIC, "foo"), newAction(READ, TOPIC, "bar"), newAction(DESCRIBE, TOPIC, "bar"));
    assertEquals(Arrays.asList(ALLOWED, DENIED, ALLOWED), authorizer.authorize(newRequestContext("alice", InetAddress.getLocalHost()), actions));
    // From host1 the host-specific DENY on "foo" overrides alice's wildcard-host ALLOW.
    assertEquals(Arrays.asList(DENIED, DENIED, DENIED), authorizer.authorize(newRequestContext("alice", host1), actions));
    assertEquals(Arrays.asList(ALLOWED, DENIED, DENIED), authorizer.authorize(newRequestContext("alice", host2), actions));
    assertEquals(Arrays.asList(DENIED, DENIED, ALLOWED), authorizer.authorize(newRequestContext("bob", InetAddress.getLocalHost()), actions));
    assertEquals(Arrays.asList(DENIED, DENIED, DENIED), authorizer.authorize(newRequestContext("bob", host1), actions));
    // From host2 bob's READ ALLOW on "bar" also grants DESCRIBE, since an allowed READ implies DESCRIBE.
    assertEquals(Arrays.asList(DENIED, ALLOWED, ALLOWED), authorizer.authorize(newRequestContext("bob", host2), actions));
}
Also used : Action(org.apache.kafka.server.authorizer.Action) InetAddress(java.net.InetAddress) Test(org.junit.jupiter.api.Test)

Example 3 with Action

use of org.apache.kafka.server.authorizer.Action in project kafka by apache.

the class StandardAuthorizer method authorize.

@Override
public List<AuthorizationResult> authorize(AuthorizableRequestContext requestContext, List<Action> actions) {
    // Read the data field once so every action in this call is checked against the same ACL state.
    StandardAuthorizerData curData = data;
    List<AuthorizationResult> results = new ArrayList<>(actions.size());
    for (Action action : actions) {
        AuthorizationResult result = curData.authorize(requestContext, action);
        results.add(result);
    }
    return results;
}
Also used : Action(org.apache.kafka.server.authorizer.Action) ArrayList(java.util.ArrayList) AuthorizationResult(org.apache.kafka.server.authorizer.AuthorizationResult)

Aggregations

Action (org.apache.kafka.server.authorizer.Action) 3
InetAddress (java.net.InetAddress) 1
ArrayList (java.util.ArrayList) 1
RequestContext (org.apache.kafka.common.requests.RequestContext) 1
RequestHeader (org.apache.kafka.common.requests.RequestHeader) 1
ResourcePattern (org.apache.kafka.common.resource.ResourcePattern) 1
AuthorizationResult (org.apache.kafka.server.authorizer.AuthorizationResult) 1
Test (org.junit.jupiter.api.Test) 1
Setup (org.openjdk.jmh.annotations.Setup) 1