Example 1 with AuthorizationResult
use of org.apache.kafka.server.authorizer.AuthorizationResult in project kafka by apache.
the class StandardAuthorizer method configure.
@Override
public synchronized void configure(Map<String, ?> configs) {
Set<String> superUsers = getConfiguredSuperUsers(configs);
AuthorizationResult defaultResult = getDefaultResult(configs);
int nodeId;
try {
nodeId = Integer.parseInt(configs.get("node.id").toString());
} catch (Exception e) {
nodeId = -1;
}
this.data = data.copyWithNewConfig(nodeId, superUsers, defaultResult);
this.data.log.info("set super.users=" + String.join(",", superUsers) + ", default result=" + defaultResult);
}
Also used :
AuthorizationResult(org.apache.kafka.server.authorizer.AuthorizationResult)
Endpoint(org.apache.kafka.common.Endpoint)
TimeoutException(org.apache.kafka.common.errors.TimeoutException)
NotControllerException(org.apache.kafka.common.errors.NotControllerException)
IOException(java.io.IOException)
Example 2 with AuthorizationResult
use of org.apache.kafka.server.authorizer.AuthorizationResult in project kafka by apache.
the class StandardAuthorizerData method checkSection.
void checkSection(Action action, StandardAcl exemplar, AuthorizableRequestContext requestContext, AuthorizationResultBuilder builder) {
NavigableSet<StandardAcl> tailSet = aclsByResource.tailSet(exemplar, true);
String resourceName = action.resourcePattern().name();
for (Iterator<StandardAcl> iterator = tailSet.iterator(); iterator.hasNext(); ) {
StandardAcl acl = iterator.next();
if (!acl.resourceType().equals(action.resourcePattern().resourceType())) {
// should stop scanning.
break;
}
if (resourceName.startsWith(acl.resourceName())) {
if (acl.patternType() == LITERAL && !resourceName.equals(acl.resourceName())) {
// scanning in case there are any relevant PREFIX ACLs.
continue;
}
} else if (!(acl.resourceName().equals(WILDCARD) && acl.patternType() == LITERAL)) {
// stepped outside of the section we care about and should stop scanning.
break;
}
AuthorizationResult result = findResult(action, requestContext, acl);
if (ALLOWED == result) {
builder.foundAllow = true;
} else if (DENIED == result) {
if (log.isTraceEnabled()) {
log.trace("authorize(requestContext=" + requestContext + ", action=" + action + "): DENIED because of " + acl);
}
builder.foundDeny = true;
return;
}
}
}
Also used :
AuthorizationResult(org.apache.kafka.server.authorizer.AuthorizationResult)
Example 3 with AuthorizationResult
use of org.apache.kafka.server.authorizer.AuthorizationResult in project kafka by apache.
the class StandardAuthorizer method authorize.
@Override
public List<AuthorizationResult> authorize(AuthorizableRequestContext requestContext, List<Action> actions) {
StandardAuthorizerData curData = data;
List<AuthorizationResult> results = new ArrayList<>(actions.size());
for (Action action : actions) {
AuthorizationResult result = curData.authorize(requestContext, action);
results.add(result);
}
return results;
}
Also used :
Action(org.apache.kafka.server.authorizer.Action)
ArrayList(java.util.ArrayList)
AuthorizationResult(org.apache.kafka.server.authorizer.AuthorizationResult)
Aggregations
AuthorizationResult (org.apache.kafka.server.authorizer.AuthorizationResult)3
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
Endpoint (org.apache.kafka.common.Endpoint)1
NotControllerException (org.apache.kafka.common.errors.NotControllerException)1
TimeoutException (org.apache.kafka.common.errors.TimeoutException)1
Action (org.apache.kafka.server.authorizer.Action)1
