public class AuthzConfig extends Config
KeycloakRBACAuthorizer| Modifier and Type | Field and Description |
|---|---|
static java.lang.String |
STRIMZI_AUTHORIZATION_CLIENT_ID
Client id used by authorizer when requesting grants from Keycloak Authorization Services.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_CONNECT_TIMEOUT_SECONDS
Connect timeout for connections to the token endpoint in seconds.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_DELEGATE_TO_KAFKA_ACL
If true, the authorization decision is delegated to standard kafka ACL authorizer for non-oauth listeners and whenever
the Keycloak Authorization Services grants don't result in ALLOWED permission.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_ENABLE_METRICS
Enable authorization specific metrics.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_GRANTS_GC_PERIOD_SECONDS
A period in seconds for a background service that removes no-longer-used grants information from grants cache.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_GRANTS_MAX_IDLE_TIME_SECONDS
The maximum time in seconds that a grant is kept in grants cache without being accessed.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_GRANTS_REFRESH_PERIOD_SECONDS
The time period in seconds for the background job to refresh the cached grants for active sessions.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_GRANTS_REFRESH_POOL_SIZE
The number of worker threads used by the background job that refreshes the grants.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_HTTP_RETRIES
A maximum number of retries to attempt if the request to Keycloak token endpoint fails in unexpected way (connection timeout, read timeout, unexpected HTTP status code, unexpected response body).
|
static java.lang.String |
STRIMZI_AUTHORIZATION_INCLUDE_ACCEPT_HEADER
Disable sending the
Accept header to the upstream server. |
static java.lang.String |
STRIMZI_AUTHORIZATION_KAFKA_CLUSTER_NAME
The cluster name used by this configuration which can be targeted in Keycloak Authorization Services by a resource name prefix 'cluster-name:$CLUSTER_NAME,'.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_READ_TIMEOUT_SECONDS
Read timeout for connections to the token endpoint in seconds.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_REUSE_GRANTS
Reuse cached grants for the same principal (user id) possibly fetched by another session using a different access token.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM
Certificate checking method to use for HTTPS.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_SSL_SECURE_RANDOM_IMPLEMENTATION
Pseudo random number generator implementation to use for HTTPS.
|
static java.lang.String |
STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_CERTIFICATES
Trusted certificates in PEM format as alternative way to provide certs
|
static java.lang.String |
STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_LOCATION
Truststore file location
|
static java.lang.String |
STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_PASSWORD
Truststore password
|
static java.lang.String |
STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_TYPE
Truststore type
|
static java.lang.String |
STRIMZI_AUTHORIZATION_TOKEN_ENDPOINT_URI
Keycloak token endpoint used to fetch grants for individual access token.
|
OAUTH_ACCESS_TOKEN_IS_JWT, OAUTH_AUDIENCE, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_CONFIG_ID, OAUTH_CONNECT_TIMEOUT_SECONDS, OAUTH_ENABLE_METRICS, OAUTH_FALLBACK_USERNAME_CLAIM, OAUTH_FALLBACK_USERNAME_PREFIX, OAUTH_HTTP_RETRIES, OAUTH_HTTP_RETRY_PAUSE_MILLIS, OAUTH_INCLUDE_ACCEPT_HEADER, OAUTH_READ_TIMEOUT_SECONDS, OAUTH_SCOPE, OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, OAUTH_SSL_SECURE_RANDOM_IMPLEMENTATION, OAUTH_SSL_TRUSTSTORE_CERTIFICATES, OAUTH_SSL_TRUSTSTORE_LOCATION, OAUTH_SSL_TRUSTSTORE_PASSWORD, OAUTH_SSL_TRUSTSTORE_TYPE, OAUTH_TOKENS_NOT_JWT, OAUTH_USERNAME_CLAIMgetValue, getValue, getValueAsBoolean, getValueAsInt, getValueAsLong, getValueAsURI, isTrue, toEnvName, validatepublic static final java.lang.String STRIMZI_AUTHORIZATION_CLIENT_ID
public static final java.lang.String STRIMZI_AUTHORIZATION_TOKEN_ENDPOINT_URI
public static final java.lang.String STRIMZI_AUTHORIZATION_KAFKA_CLUSTER_NAME
public static final java.lang.String STRIMZI_AUTHORIZATION_DELEGATE_TO_KAFKA_ACL
public static final java.lang.String STRIMZI_AUTHORIZATION_GRANTS_REFRESH_PERIOD_SECONDS
public static final java.lang.String STRIMZI_AUTHORIZATION_GRANTS_REFRESH_POOL_SIZE
public static final java.lang.String STRIMZI_AUTHORIZATION_GRANTS_MAX_IDLE_TIME_SECONDS
public static final java.lang.String STRIMZI_AUTHORIZATION_GRANTS_GC_PERIOD_SECONDS
public static final java.lang.String STRIMZI_AUTHORIZATION_HTTP_RETRIES
public static final java.lang.String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_LOCATION
public static final java.lang.String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_CERTIFICATES
public static final java.lang.String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_PASSWORD
public static final java.lang.String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_TYPE
public static final java.lang.String STRIMZI_AUTHORIZATION_SSL_SECURE_RANDOM_IMPLEMENTATION
public static final java.lang.String STRIMZI_AUTHORIZATION_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM
public static final java.lang.String STRIMZI_AUTHORIZATION_CONNECT_TIMEOUT_SECONDS
public static final java.lang.String STRIMZI_AUTHORIZATION_READ_TIMEOUT_SECONDS
public static final java.lang.String STRIMZI_AUTHORIZATION_ENABLE_METRICS
public static final java.lang.String STRIMZI_AUTHORIZATION_REUSE_GRANTS
public static final java.lang.String STRIMZI_AUTHORIZATION_INCLUDE_ACCEPT_HEADER
Accept header to the upstream server.Copyright © 2023. All rights reserved.