November 2022
Beginner to intermediate
346 pages
11h
Chinese
Content preview from Kafka权威指南(第2版)
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
保护
Kafka
|
217
超级用户可以访问所有资源,不受任何限制,而且不能用
Deny
ACL
禁止超级用户的权限。
如果
Carol
的凭证被泄露,则必须将
Carol
从
super.users
中移除,然后重启
broker
,让变
更生效。在生产环境中,通过
ACL
为用户授予特定权限会更为安全,因为在必要时可以
轻松将其撤销。
超级用户分隔符
与
Kafka
中其他使用逗号分隔的配置参数不同,
super.users
使用分号来分隔
多个用户,因为用户主体(比如
SSL
证书的可识别名称)通常会包含逗号。
如果
allow.everyone.if.no.acl.found
被设置为
true
,那么所有用户都可以访问没有配置
ACL
的资源。如果是第一次在集群中启用授权或在开发过程中启用授权
,那么这个可能很
有用,但不适合用在生产环境中,因为这样有可能在无意中授予了访问新资源的权限。而
且,如果添加了与前缀或通配符匹配的
ACL
,则不再满足
no.acl.found
条件,访问权限
有可能被意外移除。
11.5.2
自定义授权
在
Kafka
中,可以自定义授权,这样就可以实现额外的控制或增加新的访问控制类型,比
如基于角色的访问控制。
下面的自定义授权器限制了只有内部监听器可以处理某些请求。为简单起见,请求和监听
器名称都是硬编码的。当然,如果想灵活一点儿,则可以通过自定义授权器的属性来配置
它们。
public class CustomAuthorizer extends AclAuthorizer {
private static final Set<Short> ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.