Posted to dev@kafka.apache.org by "Patrik Márton (Jira)" <ji...@apache.org> on 2022/10/12 13:02:00 UTC

[jira] [Created] (KAFKA-14293) Basic Auth filter should set the SecurityContext after a successful login

Patrik Márton created KAFKA-14293:
-------------------------------------

             Summary: Basic Auth filter should set the SecurityContext after a successful login
                 Key: KAFKA-14293
                 URL: https://issues.apache.org/jira/browse/KAFKA-14293
             Project: Kafka
          Issue Type: Improvement
            Reporter: Patrik Márton


Currently, the JaasBasicAuthFilter does not set the security context of the request after a successful login. However, this information of an authenticated user might be required for further processing, for example to perform authorization checks after the authentication.

> The filter should be extended to add the Security Context after a successful login.

Another improvement would be to assign the right Priority to the filter. The current implementation uses the default priority, which is Priorities.USER = 5000. This is a lower priority than for example AUTHORIZATION, which means that the basic auth filter would run after authorization filters.

> Assign the correct Priorities.AUTHENTICATION = 1000 priority to the filter



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
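
The two changes requested in the issue above, sketched as an added example; this is not Kafka's JaasBasicAuthFilter or any code from the project. The class name ExampleBasicAuthFilter, the injected verifier predicate (standing in for the real credential check) and the javax.ws.rs namespace are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.function.BiPredicate;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Hypothetical filter for illustration; not Kafka's JaasBasicAuthFilter.
@Priority(Priorities.AUTHENTICATION) // 1000: runs before AUTHORIZATION (2000) and USER (5000)
public class ExampleBasicAuthFilter implements ContainerRequestFilter {
    private final BiPredicate<String, String> verifier; // assumed credential check (user, password)
    public ExampleBasicAuthFilter(BiPredicate<String, String> verifier) { this.verifier = verifier; }

    @Override
    public void filter(ContainerRequestContext ctx) {
        String user = authenticate(ctx.getHeaderString(HttpHeaders.AUTHORIZATION));
        if (user == null) { // fail closed: no SecurityContext is set for a rejected request
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"example\"").build());
            return;
        }
        SecurityContext previous = ctx.getSecurityContext();
        boolean secure = previous != null && previous.isSecure();
        Principal principal = () -> user;
        // Expose the authenticated user to filters and resources that run later.
        ctx.setSecurityContext(new SecurityContext() {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public boolean isUserInRole(String role) { return false; } // no role mapping assumed
            @Override public boolean isSecure() { return secure; }
            @Override public String getAuthenticationScheme() { return SecurityContext.BASIC_AUTH; }
        });
    }

    // Returns the user name when the header carries valid Basic credentials, otherwise null.
    private String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String[] parts = new String(raw, StandardCharsets.UTF_8).split(":", 2);
            return parts.length == 2 && verifier.test(parts[0], parts[1]) ? parts[0] : null;
        } catch (IllegalArgumentException malformedBase64) { return null; }
    }
}
```

With the priority annotation in place, a filter registered at Priorities.AUTHORIZATION can read getUserPrincipal() from the request's SecurityContext, because request filters run in ascending priority order.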

Re: [jira] [Created] (KAFKA-14293) Basic Auth filter should set the SecurityContext after a successful login

Posted by jacob bogers <jk...@gmail.com>.
On Wednesday, October 12, 2022, Patrik Márton (Jira) <ji...@apache.org>
wrote:

> Patrik Márton created KAFKA-14293:
> -------------------------------------
>
>              Summary: Basic Auth filter should set the SecurityContext
> after a successful login
>                  Key: KAFKA-14293
>                  URL: https://issues.apache.org/jira/browse/KAFKA-14293
>              Project: Kafka
>           Issue Type: Improvement
>             Reporter: Patrik Márton
>
>
> Currently, the JaasBasicAuthFilter does not set the security context of
> the request after a successful login. However, this information of an
> authenticated user might be required for further processing, for example to
> perform authorization checks after the authentication.
>
> > The filter should be extended to add the Security Context after a
> successful login.
>
> Another improvement would be to assign the right Priority to the filter.
> The current implementation uses the default priority, which is
> Priorities.USER = 5000. This is a lower priority than for example
> AUTHORIZATION, which means that the basic auth filter would run after
> authorization filters.
>
> > Assign the correct Priorities.AUTHENTICATION = 1000 priority to the
> filter