[英]org.apache.kafka.common.errors.TimeoutException: Timeout expired while fetching topic metadata for Kafka Cluster using jaas SASL config authentication
[英]Kafka authentication with Jaas config
我已经在我的 spring 启动应用程序中将我的 Kafka jaas 配置设置为外部 bean,以从我的 application.yaml 文件中读取我的配置。
但是我从 yaml 文件中读取我的 jaas keytab 文件时遇到错误。
面临的错误
Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:918) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:738) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) ~[jdk.security.auth:na]
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:103) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:112) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.5.1.jar:na]
这就是我配置我的 jaas 的方式
KafkaJaasConfigurationProperty.java
@Component
@ConfigurationProperties(prefix = "kafka.jaas")
@Getter
@Setter
public class KafkaJaasConfigurationProperties {
private Map<String, String> options;
}
应用程序.yml
kafka:
jaas:
options:
useKeyTab: true
keytab: keytab-value
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
KafkaJaasConfigurationBean.java
@Bean
public KafkaJaasLoginModuleInitializer jaasConfig(
KafkaJaasConfigurationProperties kafkaJaasConfigurationProperties
) throws IOException {
var jaasConfig = new KafkaJaasLoginModuleInitializer();
jaasConfig.setControlFlag(KafkaJaasLoginModuleInitializer.ControlFlag.REQUIRED);
jaasConfig.setOptions(kafkaJaasConfigurationProperties.getOptions());
return jaasConfig;
}
任何帮助将不胜感激。 谢谢!
查看错误,您提供的 jass 配置中的 keytab 文件似乎没有被 KafkaJaasLoginModuleInitializer 拾取。
我可以看到您的 jass 配置中有错字,即"keytab" property value will be "keyTab"
kafka:
jaas:
options:
useKeyTab: true
keyTab: keytab-value #Try changing this
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
我认为这应该可以工作,并且应该能够获取 keytab 文件。
SPRING 卡夫卡示例
但是,如果您使用的是 spring kafka,您也可以直接提供 jaas 配置,而无需为 KafkaJaasLoginModuleInitializer 创建自己的 bean。
Spring kafka 示例应用程序。yaml
spring:
kafka:
jaas:
control-flag: required
enabled: true
login-module: com.sun.security.auth.module.Krb5LoginModule
options:
useKeyTab: true
keyTab: keytab-value
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
希望这对你有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.