root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

MINOR: Refactor on DelegationTokenManager follow up with KAFKA-18711 (#20579) 

Follow-up PR of KAFKA-18711. The motivation and reason for this change
are outlined in [1].

[1] - https://github.com/apache/kafka/pull/20475#discussion_r2375608168

Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
This commit is contained in:
Maros Orsak 2025-09-24 20:25:44 +02:00 committed by GitHub
parent ac63ce9789
commit 563338c0e9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/src/main/scala/kafka/server/KafkaApis.scala
View File

@ -64,7 +64,6 @@ import org.apache.kafka.security.DelegationTokenManager
import org.apache.kafka.server.{ApiVersionManager, ClientMetricsManager, ProcessRole} import org.apache.kafka.server.{ApiVersionManager, ClientMetricsManager, ProcessRole}
import org.apache.kafka.server.authorizer._ import org.apache.kafka.server.authorizer._
import org.apache.kafka.server.common.{GroupVersion, RequestLocal, ShareVersion, StreamsVersion, TransactionVersion} import org.apache.kafka.server.common.{GroupVersion, RequestLocal, ShareVersion, StreamsVersion, TransactionVersion}
import org.apache.kafka.server.config.DelegationTokenManagerConfigs
import org.apache.kafka.server.share.context.ShareFetchContext import org.apache.kafka.server.share.context.ShareFetchContext
import org.apache.kafka.server.share.{ErroneousAndValidPartitionData, SharePartitionKey} import org.apache.kafka.server.share.{ErroneousAndValidPartitionData, SharePartitionKey}
import org.apache.kafka.server.share.acknowledge.ShareAcknowledgementBatch import org.apache.kafka.server.share.acknowledge.ShareAcknowledgementBatch
@ -2314,7 +2313,7 @@ class KafkaApis(val requestChannel: RequestChannel,
if (!allowTokenRequests(request)) if (!allowTokenRequests(request))
sendResponseCallback(Errors.DELEGATION_TOKEN_REQUEST_NOT_ALLOWED, Collections.emptyList) sendResponseCallback(Errors.DELEGATION_TOKEN_REQUEST_NOT_ALLOWED, Collections.emptyList)
else if (!new DelegationTokenManagerConfigs(config).tokenAuthEnabled) else if (!tokenManager.isEnabled)
sendResponseCallback(Errors.DELEGATION_TOKEN_AUTH_DISABLED, Collections.emptyList) sendResponseCallback(Errors.DELEGATION_TOKEN_AUTH_DISABLED, Collections.emptyList)
else { else {
val requestPrincipal = request.context.principal val requestPrincipal = request.context.principal

4
server-common/src/main/java/org/apache/kafka/security/DelegationTokenManager.java
View File

@ -104,6 +104,10 @@ public class DelegationTokenManager {
.toList(); .toList();
} }
public boolean isEnabled() {
return secretKey != null;
}
public static boolean filterToken( public static boolean filterToken(
KafkaPrincipal requesterPrincipal, KafkaPrincipal requesterPrincipal,
Optional<List<KafkaPrincipal>> owners, Optional<List<KafkaPrincipal>> owners,