堆栈内存溢出
  简体   繁体   English

使用 Jaas 配置进行 Kafka 身份验证

[英]Kafka authentication with Jaas config

 原文  2021-04-28 04:40:18       java/ spring-boot/ spring-security/ apache-kafka/ jaas

问题描述

I have set up my Kafka jaas config as an external bean in my spring boot application to read my configuration from my application.yaml file.我已经在我的 spring 启动应用程序中将我的 Kafka jaas 配置设置为外部 bean,以从我的 application.yaml 文件中读取我的配置。

But I am facing an error reading my jaas keytab file from my yaml file.但是我从 yaml 文件中读取我的 jaas keytab 文件时遇到错误。

Error faced面临的错误

Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner  authentication information from the user
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:918) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:738) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) ~[jdk.security.auth:na]
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:103) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:112) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.5.1.jar:na]

This is how I have configured my jaas这就是我配置我的 jaas 的方式

KafkaJaasConfigurationProperty.java KafkaJaasConfigurationProperty.java

@Component
@ConfigurationProperties(prefix = "kafka.jaas")
@Getter
@Setter
public class KafkaJaasConfigurationProperties {
  private Map<String, String> options;
}

application.yml应用程序.yml

kafka:
 jaas:
  options:
   useKeyTab: true
   keytab: keytab-value
   storeKey: true
   debug: true
   serviceName: kafka
   principal: pricipal-value

KafkaJaasConfigurationBean.java KafkaJaasConfigurationBean.java

@Bean
public KafkaJaasLoginModuleInitializer jaasConfig(
    KafkaJaasConfigurationProperties kafkaJaasConfigurationProperties
) throws IOException {
    var jaasConfig = new KafkaJaasLoginModuleInitializer();
    jaasConfig.setControlFlag(KafkaJaasLoginModuleInitializer.ControlFlag.REQUIRED);
    jaasConfig.setOptions(kafkaJaasConfigurationProperties.getOptions());
    return jaasConfig;
}

Any help will be appreciated.任何帮助将不胜感激。 Thanks!谢谢!

1 个解决方案

解决方案1
 0 已采纳  2021-04-28 04:51:48

Looking at the error it seems like the keytab file from the jass config you provided is not getting picked up by the KafkaJaasLoginModuleInitializer.查看错误,您提供的 jass 配置中的 keytab 文件似乎没有被 KafkaJaasLoginModuleInitializer 拾取。

I can see there is a typo in your jass configuration ie "keytab" property value will be "keyTab"我可以看到您的 jass 配置中有错字,即"keytab" property value will be "keyTab"

kafka:
 jaas:
  options:
   useKeyTab: true
   keyTab: keytab-value #Try changing this
   storeKey: true
   debug: true
   serviceName: kafka
   principal: pricipal-value

I think this should work and it should be able to pick up keytab file.我认为这应该可以工作,并且应该能够获取 keytab 文件。

SPRING KAFKA EXAMPLE SPRING 卡夫卡示例

But if your are using spring kafka you can also directly give the jaas configuration without creating your own bean for KafkaJaasLoginModuleInitializer.但是,如果您使用的是 spring kafka,您也可以直接提供 jaas 配置,而无需为 KafkaJaasLoginModuleInitializer 创建自己的 bean。

Spring kafka example application.yaml Spring kafka 示例应用程序。yaml

spring:
  kafka:
    jaas:
      control-flag: required
      enabled: true
      login-module: com.sun.security.auth.module.Krb5LoginModule
      options:
        useKeyTab: true
        keyTab: keytab-value
        storeKey: true
        debug: true
        serviceName: kafka
        principal: pricipal-value

Hope this should help you !!希望这对你有帮助!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 org.apache.kafka.common.errors.TimeoutException:使用 jaas SASL 配置身份验证获取 Kafka 集群的主题元数据时超时 - org.apache.kafka.common.errors.TimeoutException: Timeout expired while fetching topic metadata for Kafka Cluster using jaas SASL config authentication Kafka“未在JAAS配置中指定登录模块” - Kafka “Login module not specified in JAAS config” Kafka Streams:JAAS 配置中未指定登录模块控制标志 - Kafka Streams: Login module control flag not specified in JAAS config 将 sasl.jaas.config 添加到 payara 上的 Kafka MDB - Adding sasl.jaas.config to Kafka MDB on payara Java Kafka 客户端动态 Sasl Jaas 配置更新 - Java Kafka Client Dynamic Sasl Jaas config update 保护JAAS配置文件 - Securing JAAS config file 没有JAAS的Kerberos身份验证? - Kerberos authentication without JAAS? Jaas JDBC 认证 - Jaas JDBC Authentication Waffle JAAS认证 - Waffle JAAS Authentication Jaas 基本身份验证 tomcat 7 - Jaas Basic Authentication tomcat 7
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM