![](/img/trans.png)
[英]org.apache.kafka.common.errors.TimeoutException: Timeout expired while fetching topic metadata for Kafka Cluster using jaas SASL config authentication
[英]Kafka authentication with Jaas config
我已經在我的 spring 啟動應用程序中將我的 Kafka jaas 配置設置為外部 bean,以從我的 application.yaml 文件中讀取我的配置。
但是我從 yaml 文件中讀取我的 jaas keytab 文件時遇到錯誤。
面臨的錯誤
Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:918) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:738) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) ~[jdk.security.auth:na]
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:103) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:112) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.5.1.jar:na]
這就是我配置我的 jaas 的方式
KafkaJaasConfigurationProperty.java
@Component
@ConfigurationProperties(prefix = "kafka.jaas")
@Getter
@Setter
public class KafkaJaasConfigurationProperties {
private Map<String, String> options;
}
應用程序.yml
kafka:
jaas:
options:
useKeyTab: true
keytab: keytab-value
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
KafkaJaasConfigurationBean.java
@Bean
public KafkaJaasLoginModuleInitializer jaasConfig(
KafkaJaasConfigurationProperties kafkaJaasConfigurationProperties
) throws IOException {
var jaasConfig = new KafkaJaasLoginModuleInitializer();
jaasConfig.setControlFlag(KafkaJaasLoginModuleInitializer.ControlFlag.REQUIRED);
jaasConfig.setOptions(kafkaJaasConfigurationProperties.getOptions());
return jaasConfig;
}
任何幫助將不勝感激。 謝謝!
查看錯誤,您提供的 jass 配置中的 keytab 文件似乎沒有被 KafkaJaasLoginModuleInitializer 拾取。
我可以看到您的 jass 配置中有錯字,即"keytab" property value will be "keyTab"
kafka:
jaas:
options:
useKeyTab: true
keyTab: keytab-value #Try changing this
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
我認為這應該可以工作,並且應該能夠獲取 keytab 文件。
SPRING 卡夫卡示例
但是,如果您使用的是 spring kafka,您也可以直接提供 jaas 配置,而無需為 KafkaJaasLoginModuleInitializer 創建自己的 bean。
Spring kafka 示例應用程序。yaml
spring:
kafka:
jaas:
control-flag: required
enabled: true
login-module: com.sun.security.auth.module.Krb5LoginModule
options:
useKeyTab: true
keyTab: keytab-value
storeKey: true
debug: true
serviceName: kafka
principal: pricipal-value
希望這對你有幫助!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.