io.confluent.security.authorizer

Class AccessRule

java.lang.Object

io.confluent.security.authorizer.AccessRule

All Implemented Interfaces:

AuthorizePolicy

Direct Known Subclasses:

AclAccessRule

public abstract class AccessRule
extends java.lang.Object
implements AuthorizePolicy

Encapsulates an access rule which may be derived from an ACL or RBAC policy. Operations and resource types are extensible to enable this to be used for authorization in different components.

Nested Class Summary

Nested classes/interfaces inherited from interface io.confluent.security.authorizer.AuthorizePolicy

AuthorizePolicy.NoMatchingRule, AuthorizePolicy.PolicyType, AuthorizePolicy.SuperUser

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ALL_HOSTS
static java.lang.String	GROUP_PRINCIPAL_TYPE
static org.apache.kafka.common.security.auth.KafkaPrincipal	WILDCARD_GROUP_PRINCIPAL
static org.apache.kafka.common.security.auth.KafkaPrincipal	WILDCARD_USER_PRINCIPAL

Fields inherited from interface io.confluent.security.authorizer.AuthorizePolicy

ALLOW_ON_NO_RULE, DENY_ON_NO_RULE, NO_MATCHING_RULE

Constructor Summary

Constructors

Constructor and Description
AccessRule(ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, PermissionType permissionType, java.lang.String host, Operation operation, AuthorizePolicy.PolicyType policyType)

Method Summary

Modifier and Type	Method and Description
boolean	equals(java.lang.Object o)
int	hashCode()
java.lang.String	host()
static boolean	matches(org.apache.kafka.common.security.auth.KafkaPrincipal rulePrincipal, java.lang.String ruleHost, Operation ruleOperation, PermissionType rulePermissionType, java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, java.lang.String host, Operation requestedOperation, PermissionType permissionType)
boolean	matches(java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, java.lang.String host, Operation requestedOperation, PermissionType permissionType)
static java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal>	matchingPrincipals(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal, java.util.Collection<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, org.apache.kafka.common.security.auth.KafkaPrincipal wildcardUserPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal wildcardGroupPrincipal)
Operation	operation()
PermissionType	permissionType()
AuthorizePolicy.PolicyType	policyType()
org.apache.kafka.common.security.auth.KafkaPrincipal	principal()
ResourcePattern	resourcePattern()
java.lang.String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

ALL_HOSTS

public static final java.lang.String ALL_HOSTS

See Also:

Constant Field Values

WILDCARD_USER_PRINCIPAL

public static final org.apache.kafka.common.security.auth.KafkaPrincipal WILDCARD_USER_PRINCIPAL

GROUP_PRINCIPAL_TYPE

public static final java.lang.String GROUP_PRINCIPAL_TYPE

See Also:

Constant Field Values

WILDCARD_GROUP_PRINCIPAL

public static final org.apache.kafka.common.security.auth.KafkaPrincipal WILDCARD_GROUP_PRINCIPAL

Constructor Detail

AccessRule

public AccessRule(ResourcePattern resourcePattern,
                  org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                  PermissionType permissionType,
                  java.lang.String host,
                  Operation operation,
                  AuthorizePolicy.PolicyType policyType)

Method Detail

resourcePattern

public ResourcePattern resourcePattern()

principal

public org.apache.kafka.common.security.auth.KafkaPrincipal principal()

permissionType

public PermissionType permissionType()

host

public java.lang.String host()

operation

public Operation operation()

policyType

public AuthorizePolicy.PolicyType policyType()

Specified by:

policyType in interface AuthorizePolicy

matches

public boolean matches(java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals,
                       java.lang.String host,
                       Operation requestedOperation,
                       PermissionType permissionType)

equals

public boolean equals(java.lang.Object o)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

matchingPrincipals

public static java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal,
                                                                                                     java.util.Collection<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                                                                                                     org.apache.kafka.common.security.auth.KafkaPrincipal wildcardUserPrincipal,
                                                                                                     org.apache.kafka.common.security.auth.KafkaPrincipal wildcardGroupPrincipal)

matches

public static boolean matches(org.apache.kafka.common.security.auth.KafkaPrincipal rulePrincipal,
                              java.lang.String ruleHost,
                              Operation ruleOperation,
                              PermissionType rulePermissionType,
                              java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals,
                              java.lang.String host,
                              Operation requestedOperation,
                              PermissionType permissionType)