Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-12651

Connect should register REST extensions before REST resources

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.1.1, 2.0.2, 2.3.0, 2.1.2, 2.2.1, 2.2.2, 2.4.0, 2.3.1, 2.2.3, 2.5.0, 2.3.2, 2.4.1, 2.6.0, 2.4.2, 2.5.1, 2.7.0, 2.5.2, 2.6.1, 2.8.0, 2.7.1, 2.6.2, 3.1.0, 2.6.3, 2.9, 2.7.2, 2.8.1, 3.0.0
    • None
    • KafkaConnect
    • None

    Description

      Connect currently registers custom REST extensions after REST resources. This can be problematic in security-conscious environments where REST extensions are used to lock down access to the Connect REST API, as it creates a window of opportunity for unauthenticated access to the REST API between the time the worker's REST resources are brought up and when its REST extensions are registered.

      Attachments

        Issue Links

          Activity

            People

              ChrisEgerton Chris Egerton
              ChrisEgerton Chris Egerton
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: