  1. Kafka
  2. KAFKA-1682 Security for Kafka
  3. KAFKA-2579

Unauthorized clients should not be able to join groups


    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.0.0
    • Fix Version/s: 0.9.0.0
    • Component/s: security
    • Labels:
      None

      Description

      The JoinGroup authorization is only checked in the response callback which is invoked after the request has been forwarded to the ConsumerCoordinator and the client has joined the group. This allows unauthorized members to impact the rest of the group since the coordinator will assign partitions to them. It would be better to check permission and return immediately if the client is unauthorized.


            People

            • Assignee: Jason Gustafson (hachikuji)
            • Reporter: Jason Gustafson (hachikuji)
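
The ordering problem from the description, as an added example that is not part of the original issue and is not Kafka's broker code: a toy coordinator that rebalances on every join, with one handler that authorizes only in the response callback and one that rejects before forwarding. The class, function names, ACL shape, and error label are all assumptions made for illustration.

```python
# Simplified model of the ordering problem; not Kafka's broker code.
# All names, the ACL shape and the error label are constructed for illustration.
from dataclasses import dataclass, field

NOT_AUTHORIZED = "NOT_AUTHORIZED"


@dataclass
class Coordinator:
    """Toy group coordinator: every join triggers a round-robin rebalance."""
    partitions: list
    members: list = field(default_factory=list)
    assignment: dict = field(default_factory=dict)  # member id -> partitions

    def join(self, member, callback):
        self.members.append(member)
        for i, m in enumerate(self.members):
            self.assignment[m] = self.partitions[i::len(self.members)]
        return callback(self.assignment[member])


def join_checked_in_callback(coord, acl, principal, member):
    """Ordering described in the issue: authorize while building the response."""
    def respond(assigned):
        if principal not in acl:
            return {"error": NOT_AUTHORIZED, "partitions": []}
        return {"error": None, "partitions": assigned}
    return coord.join(member, respond)  # group state has already changed


def join_checked_first(coord, acl, principal, member):
    """Ordering the issue asks for: reject before the coordinator is involved."""
    if principal not in acl:
        return {"error": NOT_AUTHORIZED, "partitions": []}
    return coord.join(member, lambda p: {"error": None, "partitions": p})


def demo(handler):
    """Constructed scenario: alice may join the group, mallory may not."""
    acl = {"alice"}  # principals allowed on the single group modelled here
    coord = Coordinator(partitions=[0, 1, 2, 3])
    handler(coord, acl, "alice", "m-alice")
    denied = handler(coord, acl, "mallory", "m-mallory")
    return denied["error"], coord.assignment


if __name__ == "__main__":
    for h in (join_checked_in_callback, join_checked_first):
        print(h.__name__, demo(h))
```

Both handlers return the same error to the unauthorized client. Only the coordinator's state afterwards shows the difference, so a regression test for this class of bug should assert on group membership and assignments, not on the response alone.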
