CONFLUENT PLATFORM
Confluent REST Proxy allows producing and consuming messages of different formats through a REST interface. The security plugin provides the capability to authenticate an incoming request, build the principal, and then propagate the same requests to Apache Kafka® using the configured security mechanism. The authorization is enforced through Kafka ACLs, which provide granular access controls based on Kafka’s ACL implementation (such as limiting access to topics, in which case the client principal is propagated to Kafka and has the same access as if connected with that principal in any other client).
Important
This software is available under a Confluent enterprise license. You can use this software for a 30-day trial period without a license key. If you are a subscriber, please contact Confluent Support at support@confluent.io for more information.
The Confluent security plugins are an extension to Confluent Platform components. The security plugins are installed by default if you are using ZIP and TAR archives, but must be installed manually if you are using DEB or RPM packages.
The default location for the Confluent REST Proxy Security Plugins is:
<path-to-confluent>/share/java/kafka-rest/confluent-security-plugins-common-<version>.jar <path-to-confluent>/share/java/kafka-rest/confluent-kafka-rest-security-plugin-<version>.jar
If you installed Confluent Platform by using ZIP or TAR archives, the security plugins are installed by default and are located in <path-to-confluent>/share/java/ in the individual component directories.
<path-to-confluent>/share/java/
If you installed Confluent Platform in a Ubuntu or Debian environment, you must install the plugins separately with this command:
sudo apt-get update && sudo apt-get install confluent-security
If you installed Confluent Platform in a RHEL, CentOS, or Fedora-based environment, you must install the plugins separately with this command:
sudo yum install confluent-security
After the installation is complete, you must add the following configuration in the Confluent REST Proxy configuration file (/etc/kafka-rest/kafka-rest.properties) to activate the plugins.
/etc/kafka-rest/kafka-rest.properties
kafka.rest.resource.extension.class=io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension
kafka.rest.resource.extension.class
Fully qualified class name of a valid implementation of the interface RestResourceExtension. This can be used to inject user defined resources like filters. Typically used to add custom capability like logging, security, etc
For information on how to leverage the REST Proxy Security Plugins to propagate credentials from REST Proxy to Kafka brokers, see REST Proxy Credentials Propagation.