EmbeddedAuthorizer (ce-authorizer 7.0.1-ce API)

java.lang.Object
- io.confluent.security.authorizer.EmbeddedAuthorizer

All Implemented Interfaces:

Authorizer, Closeable, AutoCloseable, org.apache.kafka.common.Configurable
```
public class EmbeddedAuthorizer
extends Object
implements Authorizer
```
Cross-component embedded authorizer that implements common authorization logic. This authorizer loads configured providers and uses them to perform authorization.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

protected static class EmbeddedAuthorizer.AuthorizationContext

static class EmbeddedAuthorizer.AuthorizerMetrics

Nested Classes
Modifier and Type	Class and Description
`protected static class`	`EmbeddedAuthorizer.AuthorizationContext`
`static class`	`EmbeddedAuthorizer.AuthorizerMetrics`

Field Summary

Fields
Modifier and Type	Field and Description
`protected ConfluentAuthorizerConfig`	`authorizerConfig`
`protected Set<org.apache.kafka.common.security.auth.KafkaPrincipal>`	`brokerUsers`
`protected String`	`interBrokerListener`
`protected static org.slf4j.Logger`	`log`
`protected Set<Provider>`	`providersCreated`

Constructor Summary

Constructors
Constructor and Description

EmbeddedAuthorizer()

Constructors
Constructor and Description
`EmbeddedAuthorizer()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`AccessRuleProvider`	`accessRuleProvider(String providerName)`
`protected List<AccessRuleProvider>`	`accessRuleProviders()`
`org.apache.kafka.server.audit.AuditLogProvider`	`auditLogProvider()`
`List<AuthorizeResult>`	`authorize(RequestContext requestContext, List<Action> actions)` Performs authorization for each of the provided `actions` and returns the result of each authorization.
`protected AuthorizeResult`	`authorizeByResourceType(RequestContext requestContext, Operation op, ResourceType resourceType)`
`void`	`close()`
`void`	`configure(Map<String,?> configs)`
`protected void`	`configureProviders(List<AccessRuleProvider> accessRuleProviders, GroupProvider groupProvider, MetadataProvider metadataProvider, org.apache.kafka.server.audit.AuditLogProvider auditLogProvider)`
`void`	`configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)`
`GroupProvider`	`groupProvider()`
`protected boolean`	`isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal userOrGroupPrincipal, Action action)`
`protected void`	`logAuditMessage(Scope sourceScope, RequestContext requestContext, Action action, AuthorizeResult authorizeResult, AuthorizePolicy authorizePolicy)`
`MetadataProvider`	`metadataProvider()`
`protected org.apache.kafka.common.metrics.Metrics`	`metrics()`
`protected org.apache.kafka.common.utils.Time`	`metricsTime()`
`protected boolean`	`ready()`
`protected Scope`	`scope()`
`protected void`	`setupAuthorizerMetrics(org.apache.kafka.common.metrics.Metrics metrics)`
`CompletableFuture<Void>`	`start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo, Map<String,?> interBrokerListenerConfigs, Runnable initTask)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.confluent.security.authorizer.Authorizer
authorize

Field Detail

log

protected static final org.slf4j.Logger log

providersCreated

protected final Set<Provider> providersCreated

authorizerConfig

protected ConfluentAuthorizerConfig authorizerConfig

brokerUsers

protected Set<org.apache.kafka.common.security.auth.KafkaPrincipal> brokerUsers

interBrokerListener
```
protected String interBrokerListener
```

Constructor Detail
- EmbeddedAuthorizer
```
public EmbeddedAuthorizer()
```

Method Detail

configure
```
public void configure(Map<String,?> configs)
```
Specified by:

configure in interface org.apache.kafka.common.Configurable

configureServerInfo

public void configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)

authorize
```
public List<AuthorizeResult> authorize(RequestContext requestContext,
                                       List<Action> actions)
```
Description copied from interface: Authorizer

Performs authorization for each of the provided `actions` and returns the result of each authorization.

Specified by:

authorize in interface Authorizer

Parameters:

requestContext - Request context including principal and additional context for auditing

actions - List of actions being authorized including the resource and operation for each action.

Returns:

List of authorization results, one for each of the provided actions, in the order they appear in `actions`.

groupProvider
```
public GroupProvider groupProvider()
```

accessRuleProvider

public AccessRuleProvider accessRuleProvider(String providerName)

metadataProvider

public MetadataProvider metadataProvider()

accessRuleProviders

protected List<AccessRuleProvider> accessRuleProviders()

auditLogProvider

public org.apache.kafka.server.audit.AuditLogProvider auditLogProvider()

start

public CompletableFuture<Void> start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo,
                                     Map<String,?> interBrokerListenerConfigs,
                                     Runnable initTask)

configureProviders

protected void configureProviders(List<AccessRuleProvider> accessRuleProviders,
                                  GroupProvider groupProvider,
                                  MetadataProvider metadataProvider,
                                  org.apache.kafka.server.audit.AuditLogProvider auditLogProvider)

ready
```
protected boolean ready()
```

isSuperUser

protected boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                              org.apache.kafka.common.security.auth.KafkaPrincipal userOrGroupPrincipal,
                              Action action)

authorizeByResourceType

protected AuthorizeResult authorizeByResourceType(RequestContext requestContext,
                                                  Operation op,
                                                  ResourceType resourceType)

close
```
public void close()
```
Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

scope
```
protected Scope scope()
```

setupAuthorizerMetrics

protected void setupAuthorizerMetrics(org.apache.kafka.common.metrics.Metrics metrics)

logAuditMessage

protected void logAuditMessage(Scope sourceScope,
                               RequestContext requestContext,
                               Action action,
                               AuthorizeResult authorizeResult,
                               AuthorizePolicy authorizePolicy)

metrics

protected org.apache.kafka.common.metrics.Metrics metrics()

metricsTime

protected org.apache.kafka.common.utils.Time metricsTime()

Class EmbeddedAuthorizer

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface io.confluent.security.authorizer.Authorizer

Field Detail

log

providersCreated

authorizerConfig

brokerUsers

interBrokerListener

Constructor Detail

EmbeddedAuthorizer

Method Detail

configure

configureServerInfo

authorize

groupProvider

accessRuleProvider

metadataProvider

accessRuleProviders

auditLogProvider

start

configureProviders

ready

isSuperUser

authorizeByResourceType

close

scope

setupAuthorizerMetrics

logAuditMessage

metrics

metricsTime