Class AuthzConfig

java.lang.Object
io.strimzi.kafka.oauth.common.Config
io.strimzi.kafka.oauth.server.authorizer.AuthzConfig

public class AuthzConfig extends Config
Configuration handling class used in KeycloakRBACAuthorizer
  • Field Details

    • STRIMZI_AUTHORIZATION_CLIENT_ID

      public static final String STRIMZI_AUTHORIZATION_CLIENT_ID
      Client ID used by the authorizer when requesting grants from Keycloak Authorization Services.
    • STRIMZI_AUTHORIZATION_TOKEN_ENDPOINT_URI

      public static final String STRIMZI_AUTHORIZATION_TOKEN_ENDPOINT_URI
      Keycloak token endpoint used to fetch grants for an individual access token.
    • STRIMZI_AUTHORIZATION_KAFKA_CLUSTER_NAME

      public static final String STRIMZI_AUTHORIZATION_KAFKA_CLUSTER_NAME
      The cluster name used by this configuration, which can be targeted in Keycloak Authorization Services by a resource name prefix 'cluster-name:$CLUSTER_NAME,'.
    • STRIMZI_AUTHORIZATION_DELEGATE_TO_KAFKA_ACL

      public static final String STRIMZI_AUTHORIZATION_DELEGATE_TO_KAFKA_ACL
      If true, the authorization decision is delegated to the standard Kafka ACL authorizer for non-OAuth listeners and whenever the Keycloak Authorization Services grants don't result in an ALLOWED permission.
    • STRIMZI_AUTHORIZATION_GRANTS_REFRESH_PERIOD_SECONDS

      public static final String STRIMZI_AUTHORIZATION_GRANTS_REFRESH_PERIOD_SECONDS
      The time period in seconds for the background job to refresh the cached grants for active sessions. This allows changes in permissions to be detected for active sessions.
    • STRIMZI_AUTHORIZATION_GRANTS_REFRESH_POOL_SIZE

      public static final String STRIMZI_AUTHORIZATION_GRANTS_REFRESH_POOL_SIZE
      The number of worker threads used by the background job that refreshes the grants.
    • STRIMZI_AUTHORIZATION_GRANTS_MAX_IDLE_TIME_SECONDS

      public static final String STRIMZI_AUTHORIZATION_GRANTS_MAX_IDLE_TIME_SECONDS
      The maximum time in seconds that a grant is kept in the grants cache without being accessed. It allows for active releasing of memory rather than waiting for the VM's gc() to kick in.
    • STRIMZI_AUTHORIZATION_GRANTS_GC_PERIOD_SECONDS

      public static final String STRIMZI_AUTHORIZATION_GRANTS_GC_PERIOD_SECONDS
      A period in seconds for a background service that removes no-longer-used grants information from the grants cache.
    • STRIMZI_AUTHORIZATION_HTTP_RETRIES

      public static final String STRIMZI_AUTHORIZATION_HTTP_RETRIES
      A maximum number of retries to attempt if the request to the Keycloak token endpoint fails in an unexpected way (connection timeout, read timeout, unexpected HTTP status code, unexpected response body).
    • STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_LOCATION

      public static final String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_LOCATION
      Truststore file location
    • STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_CERTIFICATES

      public static final String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_CERTIFICATES
      Trusted certificates in PEM format, as an alternative way to provide certificates.
    • STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_PASSWORD

      public static final String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_PASSWORD
      Truststore password
    • STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_TYPE

      public static final String STRIMZI_AUTHORIZATION_SSL_TRUSTSTORE_TYPE
      Truststore type
    • STRIMZI_AUTHORIZATION_SSL_SECURE_RANDOM_IMPLEMENTATION

      public static final String STRIMZI_AUTHORIZATION_SSL_SECURE_RANDOM_IMPLEMENTATION
      Pseudo random number generator implementation to use for HTTPS.
    • STRIMZI_AUTHORIZATION_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM

      public static final String STRIMZI_AUTHORIZATION_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM
      Certificate checking method to use for HTTPS.
    • STRIMZI_AUTHORIZATION_CONNECT_TIMEOUT_SECONDS

      public static final String STRIMZI_AUTHORIZATION_CONNECT_TIMEOUT_SECONDS
      Connect timeout for connections to the token endpoint in seconds.
    • STRIMZI_AUTHORIZATION_READ_TIMEOUT_SECONDS

      public static final String STRIMZI_AUTHORIZATION_READ_TIMEOUT_SECONDS
      Read timeout for connections to the token endpoint in seconds.
    • STRIMZI_AUTHORIZATION_ENABLE_METRICS

      public static final String STRIMZI_AUTHORIZATION_ENABLE_METRICS
      Enable authorization specific metrics.
    • STRIMZI_AUTHORIZATION_REUSE_GRANTS

      public static final String STRIMZI_AUTHORIZATION_REUSE_GRANTS
      Reuse cached grants for the same principal (user id), possibly fetched by another session using a different access token.
    • STRIMZI_AUTHORIZATION_INCLUDE_ACCEPT_HEADER

      public static final String STRIMZI_AUTHORIZATION_INCLUDE_ACCEPT_HEADER
      Disable sending the Accept header to the upstream server.