[英]Kafka authentication with Jaas config
I have set up my Kafka jaas config as an external bean in my spring boot application to read my configuration from my application.yaml file.我已经在我的 spring 启动应用程序中将我的 Kafka jaas 配置设置为外部 bean,以从我的 application.yaml 文件中读取我的配置。
But I am facing an error reading my jaas keytab file from my yaml file.但是我从 yaml 文件中读取我的 jaas keytab 文件时遇到错误。
Error faced面临的错误
Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:918) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:738) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) ~[jdk.security.auth:na]
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:103) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:112) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.5.1.jar:na]
This is how I have configured my jaas这就是我配置我的 jaas 的方式
KafkaJaasConfigurationProperty.java KafkaJaasConfigurationProperty.java
@Component
@ConfigurationProperties(prefix = "kafka.jaas")
@Getter
@Setter
public class KafkaJaasConfigurationProperties {
private Map<String, String> options;
}
application.yml应用程序.yml
kafka:
jaas:
options:
useKeyTab: true
keytab: keytab-value
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
KafkaJaasConfigurationBean.java KafkaJaasConfigurationBean.java
@Bean
public KafkaJaasLoginModuleInitializer jaasConfig(
KafkaJaasConfigurationProperties kafkaJaasConfigurationProperties
) throws IOException {
var jaasConfig = new KafkaJaasLoginModuleInitializer();
jaasConfig.setControlFlag(KafkaJaasLoginModuleInitializer.ControlFlag.REQUIRED);
jaasConfig.setOptions(kafkaJaasConfigurationProperties.getOptions());
return jaasConfig;
}
Any help will be appreciated.任何帮助将不胜感激。 Thanks!谢谢!
Looking at the error it seems like the keytab file from the jass config you provided is not getting picked up by the KafkaJaasLoginModuleInitializer.查看错误,您提供的 jass 配置中的 keytab 文件似乎没有被 KafkaJaasLoginModuleInitializer 拾取。
I can see there is a typo in your jass configuration ie "keytab" property value will be "keyTab"
我可以看到您的 jass 配置中有错字,即"keytab" property value will be "keyTab"
kafka:
jaas:
options:
useKeyTab: true
keyTab: keytab-value #Try changing this
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
I think this should work and it should be able to pick up keytab file.我认为这应该可以工作,并且应该能够获取 keytab 文件。
SPRING KAFKA EXAMPLE SPRING 卡夫卡示例
But if your are using spring kafka you can also directly give the jaas configuration without creating your own bean for KafkaJaasLoginModuleInitializer.但是,如果您使用的是 spring kafka,您也可以直接提供 jaas 配置,而无需为 KafkaJaasLoginModuleInitializer 创建自己的 bean。
Spring kafka example application.yaml Spring kafka 示例应用程序。yaml
spring:
kafka:
jaas:
control-flag: required
enabled: true
login-module: com.sun.security.auth.module.Krb5LoginModule
options:
useKeyTab: true
keyTab: keytab-value
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
Hope this should help you !!希望这对你有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.