public class KeycloakAuthorizer
extends java.lang.Object
implements org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
In KRaft mode, multiple instances of this class can be instantiated, and each needs its own instance of StandardAuthorizer to
delegate authorization to the Kafka ACL implementation.
This authorizer auto-detects whether it runs in KRaft mode or ZooKeeper mode, and automatically sets up the appropriate Kafka ACL delegation classes.
All authorization logic is delegated to KeycloakRBACAuthorizer, of which a single instance is created and shared between all
instances of this class.
To install this authorizer in Kafka, specify both of the following properties in your 'server.properties':
authorizer.class.name=io.strimzi.kafka.oauth.server.authorizer.KeycloakAuthorizer
principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder
Configuration options are the same as for KeycloakRBACAuthorizer.
| Constructor and Description |
|---|
| `KeycloakAuthorizer()` |
| Modifier and Type | Method and Description |
|---|---|
| `int` | `aclCount()` |
| `org.apache.kafka.metadata.authorizer.AclMutator` | `aclMutatorOrException()` |
| `java.lang.Iterable<org.apache.kafka.common.acl.AclBinding>` | `acls(org.apache.kafka.common.acl.AclBindingFilter filter)` |
| `void` | `addAcl(org.apache.kafka.common.Uuid id, org.apache.kafka.metadata.authorizer.StandardAcl acl)` |
| `java.util.List<org.apache.kafka.server.authorizer.AuthorizationResult>` | `authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, java.util.List<org.apache.kafka.server.authorizer.Action> actions)` |
| `org.apache.kafka.server.authorizer.AuthorizationResult` | `authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, org.apache.kafka.common.acl.AclOperation op, org.apache.kafka.common.resource.ResourceType resourceType)` |
| `void` | `close()` |
| `void` | `completeInitialLoad()` |
| `void` | `completeInitialLoad(java.lang.Exception e)` |
| `void` | `configure(java.util.Map<java.lang.String,?> configs)` |
| `java.util.List<? extends java.util.concurrent.CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>` | `createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, java.util.List<org.apache.kafka.common.acl.AclBinding> aclBindings)` |
| `java.util.List<? extends java.util.concurrent.CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>` | `deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, java.util.List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)` |
| `void` | `loadSnapshot(java.util.Map<org.apache.kafka.common.Uuid,org.apache.kafka.metadata.authorizer.StandardAcl> acls)` |
| `void` | `removeAcl(org.apache.kafka.common.Uuid id)` |
| `void` | `setAclMutator(org.apache.kafka.metadata.authorizer.AclMutator aclMutator)` |
| `java.util.Map<org.apache.kafka.common.Endpoint,? extends java.util.concurrent.CompletionStage<java.lang.Void>>` | `start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)` |
| `java.lang.String` | `toString()` |
public void configure(java.util.Map<java.lang.String,?> configs)
Specified by: configure in interface org.apache.kafka.common.Configurable

public java.util.Map<org.apache.kafka.common.Endpoint,? extends java.util.concurrent.CompletionStage<java.lang.Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
Specified by: start in interface org.apache.kafka.server.authorizer.Authorizer

public void setAclMutator(org.apache.kafka.metadata.authorizer.AclMutator aclMutator)
Specified by: setAclMutator in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public org.apache.kafka.metadata.authorizer.AclMutator aclMutatorOrException()
Specified by: aclMutatorOrException in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public void completeInitialLoad()
Specified by: completeInitialLoad in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public void completeInitialLoad(java.lang.Exception e)
Specified by: completeInitialLoad in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public void loadSnapshot(java.util.Map<org.apache.kafka.common.Uuid,org.apache.kafka.metadata.authorizer.StandardAcl> acls)
Specified by: loadSnapshot in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public void addAcl(org.apache.kafka.common.Uuid id,
org.apache.kafka.metadata.authorizer.StandardAcl acl)
Specified by: addAcl in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public void removeAcl(org.apache.kafka.common.Uuid id)
Specified by: removeAcl in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

public java.lang.Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)
Specified by: acls in interface org.apache.kafka.server.authorizer.Authorizer

public java.util.List<? extends java.util.concurrent.CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
java.util.List<org.apache.kafka.common.acl.AclBinding> aclBindings)
Specified by: createAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
Specified by: createAcls in interface org.apache.kafka.server.authorizer.Authorizer

public java.util.List<? extends java.util.concurrent.CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
java.util.List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
Specified by: deleteAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
Specified by: deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer

public int aclCount()
Specified by: aclCount in interface org.apache.kafka.server.authorizer.Authorizer

public org.apache.kafka.server.authorizer.AuthorizationResult authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
org.apache.kafka.common.acl.AclOperation op,
org.apache.kafka.common.resource.ResourceType resourceType)
Specified by: authorizeByResourceType in interface org.apache.kafka.server.authorizer.Authorizer

public java.util.List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
java.util.List<org.apache.kafka.server.authorizer.Action> actions)
Specified by: authorize in interface org.apache.kafka.server.authorizer.Authorizer

public void close()
throws java.io.IOException
Specified by: close in interface java.io.Closeable
Specified by: close in interface java.lang.AutoCloseable
Throws: java.io.IOException

public java.lang.String toString()
Overrides: toString in class java.lang.Object

Copyright © 2023. All rights reserved.