Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-1682 Security for Kafka
  3. KAFKA-1882

Create extendable channel interface and default implementations

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      For the security infrastructure, we need an extendible interface to replace SocketChannel.

      KAFKA-1684 suggests extending SocketChannel itself, but since SocketChannel is part of Java's standard library, the interface changes between different Java versions, so extending it directly can become a compatibility issue.

      Instead, we can implement a KafkaChannel interface, which will implement connect(), read(), write() and possibly other methods we use.

      We will replace direct use of SocketChannel in our code with use of KafkaChannel.

      Different implementations of KafkaChannel will be instantiated based on the port/SecurityProtocol configuration.

      This patch will provide at least the PLAINTEXT implementation for KafkaChannel.

      I will validate that the SSL implementation in KAFKA-1684 can be refactored to use a KafkaChannel interface rather than extend SocketChannel directly. However, the patch will not include the SSL channel itself.

      The interface should also include setters/getters for principal and remote IP, which will be used for the authentication code.

        Attachments

          Activity

            People

            • Assignee:
              gwenshap Gwen Shapira
              Reporter:
              gwenshap Gwen Shapira
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: