英文:
Setup client side SASL authentication to connect with two different kafka clusters
问题
我有一个Spring Boot应用程序,它连接到我的Kafka集群。
应用程序(作为Kafka客户端)使用SASL身份验证,并在初始化Kafka生产者和消费者之前通过System.setProperty()指定了JAAS配置。
在单个Kafka集群设置中,它可以正常工作。
kafka_client_jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="myClusterUser"
password="user-secret";
};
MyKafkaProducer.java
…
private void init()
{
System.setProperty("java.security.auth.login.config", "kafka_client_jaas.conf");
…
}
现在我有一个与我的Kafka集群完全断开连接的第三方(他人的)Kafka集群。第三方Kafka集群也使用SASL身份验证。
Java应用程序如何连接到两个不同的Kafka集群,而且两个集群都需要SASL身份验证?两个集群的用户名和密码不同,而我只能在java.security.auth.login.config
中设置一个JAAS配置文件。
英文:
I have spring boot application which connect to my kafka cluster.
Application(as kafka client) uses SASL authentication and I specified JAAS configuration through System.setProperty() before initializing kafka producer and consumer.
It is working fine with single kafka cluster setup.
kafka_client_jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="myClusterUser"
password="user-secret";
};
MyKafkaProducer.java
…
private void init()
{
System.setProperty("java.security.auth.login.config", "kafka_client_jaas.conf");
…
}
Now I have a third party(someone else’s) kafka cluster which is completely disconnected from my kafka cluster. Third party kafka cluster also uses SASL authentication.
How java application can connect to two different kafka clusters and both clusters required SASL authentication?
Username and password are different for both the clusters and I can set only one JAAS config file in java.security.auth.login.config
.
答案1
得分: 2
自Kafka 0.10.2版本以来,您可以使用sasl.jaas.config
设置来配置每个Kafka客户端的SASL身份验证。这使得在单个JVM中运行多个具有不同(或相同)SASL配置的Kafka客户端成为可能。
要实现这一点:
-
取消设置
java.security.auth.login.config
-
在每个Kafka客户端的属性中添加
sasl.jaas.config
。例如:sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \ username="myClusterUser" \ password="user-secret";
请参阅完整详情,请查看http://kafka.apache.org/documentation.html#security_sasl_plain_clientconfig
-
MyKafkaClient.java
import org.apache.kafka.common.config.SaslConfigs; private void init() { properties.put(SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"myClusterUser\" password=\"user-secret\""); }
-
删除您的JAAS文件
英文:
Since Kafka 0.10.2, you can use the sasl.jaas.config
setting to configure SASL authentication per Kafka client. This enables running multiple Kafka clients with different (or the same) SASL configurations in a single JVM.
To do so:
-
Unset
java.security.auth.login.config
-
In each Kafka client properties add
sasl.jaas.config
. For example:sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \ username="myClusterUser" \ password="user-secret";
see http://kafka.apache.org/documentation.html#security_sasl_plain_clientconfig for the full details
-
MyKafkaClient.java
import org.apache.kafka.common.config.SaslConfigs; private void init() { properties.put(SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"myClusterUser\" password=\"user-secret\""); }
-
delete your JAAS file
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论