use of org.apache.kafka.server.authorizer.Action in project kafka by apache.
the class AclAuthorizerBenchmark method setup.
@Setup(Level.Trial)
public void setup() throws Exception {
    prepareAclCache();
    prepareAclToUpdate();
    // By adding `-95` to the resource name prefix, we cause the `TreeMap.from/to` call to return
    // most map entries. In such cases, we rely on the filtering based on `String.startsWith`
    // to return the matching ACLs. Using a more efficient data structure (e.g. a prefix
    // tree) should improve performance significantly.
    actions = Collections.singletonList(new Action(
        AclOperation.WRITE,
        new ResourcePattern(ResourceType.TOPIC, resourceNamePrefix + 95, PatternType.LITERAL),
        1, true, true));
    authorizeContext = new RequestContext(
        new RequestHeader(ApiKeys.PRODUCE, Integer.valueOf(1).shortValue(), "someclient", 1),
        "1", InetAddress.getByName("127.0.0.1"), principal,
        ListenerName.normalised("listener"), SecurityProtocol.PLAINTEXT,
        ClientInformation.EMPTY, false);
    authorizeByResourceTypeContext = new RequestContext(
        new RequestHeader(ApiKeys.PRODUCE, Integer.valueOf(1).shortValue(), "someclient", 1),
        "1", InetAddress.getByName(authorizeByResourceTypeHostName), principal,
        ListenerName.normalised("listener"), SecurityProtocol.PLAINTEXT,
        ClientInformation.EMPTY, false);
}
use of org.apache.kafka.server.authorizer.Action in project kafka by apache.
the class StandardAuthorizerTest method testHostAddressAclValidation.
@Test
public void testHostAddressAclValidation() throws Exception {
    InetAddress host1 = InetAddress.getByName("192.168.1.1");
    InetAddress host2 = InetAddress.getByName("192.168.1.2");
    StandardAuthorizer authorizer = new StandardAuthorizer();
    authorizer.configure(Collections.emptyMap());
    List<StandardAcl> acls = Arrays.asList(
        new StandardAcl(TOPIC, "foo", LITERAL, "User:alice", host1.getHostAddress(), READ, DENY),
        new StandardAcl(TOPIC, "foo", LITERAL, "User:alice", "*", READ, ALLOW),
        new StandardAcl(TOPIC, "bar", LITERAL, "User:bob", host2.getHostAddress(), READ, ALLOW),
        new StandardAcl(TOPIC, "bar", LITERAL, "User:*", InetAddress.getLocalHost().getHostAddress(), DESCRIBE, ALLOW));
    acls.forEach(acl -> {
        StandardAclWithId aclWithId = withId(acl);
        authorizer.addAcl(aclWithId.id(), aclWithId.acl());
    });
    List<Action> actions = Arrays.asList(
        newAction(READ, TOPIC, "foo"),
        newAction(READ, TOPIC, "bar"),
        newAction(DESCRIBE, TOPIC, "bar"));
    // Each expected list is ordered as: READ foo, READ bar, DESCRIBE bar.
    assertEquals(Arrays.asList(ALLOWED, DENIED, ALLOWED),
        authorizer.authorize(newRequestContext("alice", InetAddress.getLocalHost()), actions));
    assertEquals(Arrays.asList(DENIED, DENIED, DENIED),
        authorizer.authorize(newRequestContext("alice", host1), actions));
    assertEquals(Arrays.asList(ALLOWED, DENIED, DENIED),
        authorizer.authorize(newRequestContext("alice", host2), actions));
    assertEquals(Arrays.asList(DENIED, DENIED, ALLOWED),
        authorizer.authorize(newRequestContext("bob", InetAddress.getLocalHost()), actions));
    assertEquals(Arrays.asList(DENIED, DENIED, DENIED),
        authorizer.authorize(newRequestContext("bob", host1), actions));
    assertEquals(Arrays.asList(DENIED, ALLOWED, ALLOWED),
        authorizer.authorize(newRequestContext("bob", host2), actions));
}
use of org.apache.kafka.server.authorizer.Action in project kafka by apache.
the class StandardAuthorizer method authorize.
@Override
public List<AuthorizationResult> authorize(AuthorizableRequestContext requestContext, List<Action> actions) {
    // Read the field once into a local so every action in this call uses the same data object.
    StandardAuthorizerData curData = data;
    List<AuthorizationResult> results = new ArrayList<>(actions.size());
    for (Action action : actions) {
        AuthorizationResult result = curData.authorize(requestContext, action);
        results.add(result);
    }
    return results;
}