You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Patrik Márton (Jira)" <ji...@apache.org> on 2022/10/12 13:02:00 UTC
[jira] [Created] (KAFKA-14293) Basic Auth filter should set the SecurityContext after a successful login
Patrik Márton created KAFKA-14293:
-------------------------------------
Summary: Basic Auth filter should set the SecurityContext after a successful login
Key: KAFKA-14293
URL: https://issues.apache.org/jira/browse/KAFKA-14293
Project: Kafka
Issue Type: Improvement
Reporter: Patrik Márton
Currently, the JaasBasicAuthFilter does not set the security context of the request after a successful login. However, this information of an authenticated user might be required for further processing, for example to perform authorization checks after the authentication.
> The filter should be extended to add the Security Context after a successful login.
Another improvement would be to assign the right Priority to the filter. The current implementation uses the default priority, which is Priorities.USER = 5000. This is a lower priority than for example AUTHORIZATION, which means that the basic auth filter would run after authorization filters.
> Assing the correct Priorities.AUTHENTICATION = 1000 priority to the filter
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [jira] [Created] (KAFKA-14293) Basic Auth filter should set the SecurityContext after a successful login
Posted by jacob bogers <jk...@gmail.com>.
On Wednesday, October 12, 2022, Patrik Márton (Jira) <ji...@apache.org>
wrote:
> Patrik Márton created KAFKA-14293:
> -------------------------------------
>
> Summary: Basic Auth filter should set the SecurityContext
> after a successful login
> Key: KAFKA-14293
> URL: https://issues.apache.org/jira/browse/KAFKA-14293
> Project: Kafka
> Issue Type: Improvement
> Reporter: Patrik Márton
>
>
> Currently, the JaasBasicAuthFilter does not set the security context of
> the request after a successful login. However, this information of an
> authenticated user might be required for further processing, for example to
> perform authorization checks after the authentication.
>
> > The filter should be extended to add the Security Context after a
> successful login.
>
> Another improvement would be to assign the right Priority to the filter.
> The current implementation uses the default priority, which is
> Priorities.USER = 5000. This is a lower priority than for example
> AUTHORIZATION, which means that the basic auth filter would run after
> authorization filters.
>
> > Assing the correct Priorities.AUTHENTICATION = 1000 priority to the
> filter
>
>
>
> --
> This message was sent by Atlassian Jira
> (v8.20.10#820010)
>