Re: [PR] [WIP]KAFKA-18896 add KIP-877 support for Login [kafka]

Sun, 15 Jun 2025 19:51:44 -0700 


m1a2st commented on code in PR #19527:
URL: https://github.com/apache/kafka/pull/19527#discussion_r2148958025


##########
clients/src/main/java/org/apache/kafka/common/security/authenticator/LoginManager.java:
##########
@@ -53,20 +56,30 @@ public class LoginManager {
     // dynamic configs (broker or client)
     private static final Map<LoginMetadata<Password>, LoginManager> 
DYNAMIC_INSTANCES = new HashMap<>();
 
-    private final Login login;
+    private final Plugin<Login> loginPlugin;
     private final LoginMetadata<?> loginMetadata;
     private final AuthenticateCallbackHandler loginCallbackHandler;
     private int refCount;
 
-    private LoginManager(JaasContext jaasContext, String saslMechanism, 
Map<String, ?> configs,
-                 LoginMetadata<?> loginMetadata) throws LoginException {
+    private LoginManager(
+        JaasContext jaasContext, 
+        String saslMechanism, 
+        Map<String, ?> configs,
+        LoginMetadata<?> loginMetadata,
+        ConnectionMode connectionMode,
+        Metrics metrics
+    ) throws LoginException {
         this.loginMetadata = loginMetadata;
-        this.login = Utils.newInstance(loginMetadata.loginClass);
+        Login login = Utils.newInstance(loginMetadata.loginClass);
+        if (connectionMode == ConnectionMode.SERVER)  
+            this.loginPlugin = Plugin.wrapInstance(login, metrics, 
SaslConfigs.SASL_LOGIN_CLASS, "mechanism", saslMechanism);

Review Comment:
   If we use the Processor's metricsTags, only the server-side Processor will 
have these tagsā€”the client side does not. However, we maybe can introduce other 
relevant tags on the client side. The proposed schema would look like this:
   server side:
   ```
   tags = Map.of(
       "config", "base column",
       "class", "base column",
       "mechanism", "KIP-877 spec",
       "networkProcessor", "fromProcessor",
       "listener", "fromProcessor"
   )
   ```
   client side:
   ```
   tags = Map.of(
       "config", "base column",
       "class", "base column",
       "id", "raft-client-0" // This field has a value in server-client side; 
on the client side, it may be equivalent to `client-id`.
   )
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to