AccessRuleProvider (ce-authorizer 6.1.0-ce API)

All Superinterfaces:

java.lang.AutoCloseable, java.io.Closeable, org.apache.kafka.common.Configurable, Provider
```
public interface AccessRuleProvider
extends Provider
```
Interface used by providers of access rules used for authorization. Access rules may be derived from ACLs, RBAC policies etc.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`AuthorizeRule`	`findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, java.lang.String host, Action action)` Returns the first matching access rule for the user and group principals that match the provided resource.
`boolean`	`isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal, Scope scope)` Returns true if the provided principal is a super user.
`boolean`	`mayDeny()` Returns true if this provider supports DENY rules.

Methods inherited from interface io.confluent.security.authorizer.provider.Provider
providerName, start, usesMetadataFromThisKafkaCluster

Methods inherited from interface org.apache.kafka.common.Configurable
configure

Methods inherited from interface java.io.Closeable
close

- Method Detail
  - isSuperUser
```
boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                    Scope scope)
```
    Returns true if the provided principal is a super user. All operations are authorized for super-users without checking any access rules.
    
    Parameters:
    
    principal - User principal from the Session or the group principal of a group that the user belongs to.
    
    scope - Scope of resource being access
    
    Returns:
    
    true if super-user or super-group
  - findRule
```
AuthorizeRule findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                       java.util.Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                       java.lang.String host,
                       Action action)
```
    Returns the first matching access rule for the user and group principals that match the provided resource. If a DENY rule is found for the user or group, the DENY rule is returned. Otherwise one of the matching ALLOW rules is returned.
    
    Parameters:
    
    sessionPrincipal - User principal from the Session
    
    groupPrincipals - List of group principals of the user, which may be empty
    
    host - Client IP address
    
    action - Action being authorized
    
    Returns:
    
    Matching rule that includes any deny or allow rule and a boolean that indicates if there are no rules match the resource.
  - mayDeny
```
boolean mayDeny()
```
    Returns true if this provider supports DENY rules. If false, this provider's rules are not retrieved if an ALLOW rule was found on another provider.
    
    Returns:
    
    Boolean indicating if the provider supports DENY rules.

Interface AccessRuleProvider

Method Summary

Methods inherited from interface io.confluent.security.authorizer.provider.Provider

Methods inherited from interface org.apache.kafka.common.Configurable

Methods inherited from interface java.io.Closeable

Method Detail

isSuperUser

findRule

mayDeny