如何在消费消息之前在Kafka中对主题进行身份验证/授权
[英]How to authenticate/authorize a consumer in Kafka for a topic before it consumes the message
问题描述
In kafka, is there a way to authenticate / authorize a consumer every time a consumer tries to read a message on a topic that it has subscriber to ? 
在kafka中,每次消费者尝试阅读有关订阅者主题的消息时,是否有办法对消费者进行身份验证/授权?
The use case here is that a consumer should be able to present a auth token to the kafka broker and then, broker should be able to validate that token before letting consumer read a message from the topic. 这里的用例是消费者应该能够向kafka代理提供身份验证令牌,然后,代理应该能够在让消费者从主题中读取消息之前验证该令牌。
Is the achievable in kafka ? 在卡夫卡可以实现吗?
1 个解决方案
解决方案1
6 已采纳 2018-01-24 09:38:07
Kafka provides both pluggable authentication and authorization mechanisms. Kafka提供可插入的身份验证和授权机制。
For authentication, the process of creating your own logic is described in: Can Kafka be provided with custom LoginModule to support LDAP? 对于身份验证,创建自己的逻辑的过程描述如下:是否可以为Kafka提供自定义LoginModule以支持LDAP?
For authorization, you simply need to provide a class that implements the Authorizer interface ( https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/security/auth/Authorizer.scala ) and set authorizer.class.name to your class in server.properties . 对于授权,您只需提供一个实现Authorizer接口的类( https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/security/auth/Authorizer.scala )并将authorizer.class.name设置为server.properties的类。
Authentication is only performed when a client connects so if you require validation to happen for every consume action, you'll have to use authorizations. 身份验证仅在客户端连接时执行,因此如果您需要对每个使用操作进行验证,则必须使用授权。
I suggest you get yourself familiar with Kafka security features and more specifically Authorizations: http://kafka.apache.org/documentation/#security_authz 我建议您熟悉Kafka安全功能,更具体地说是授权: http : //kafka.apache.org/documentation/#security_authz
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.