设置客户端端的SASL身份验证以连接两个不同的Kafka集群。

huangapple go评论31阅读模式
英文:

Setup client side SASL authentication to connect with two different kafka clusters

问题

我有一个Spring Boot应用程序,它连接到我的Kafka集群。
应用程序(作为Kafka客户端)使用SASL身份验证,并在初始化Kafka生产者和消费者之前通过System.setProperty()指定了JAAS配置。
在单个Kafka集群设置中,它可以正常工作。

kafka_client_jaas.conf

KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="myClusterUser"
password="user-secret";
};

MyKafkaProducer.java


private void init()
{
System.setProperty("java.security.auth.login.config", "kafka_client_jaas.conf");

}

现在我有一个与我的Kafka集群完全断开连接的第三方(他人的)Kafka集群。第三方Kafka集群也使用SASL身份验证。

Java应用程序如何连接到两个不同的Kafka集群,而且两个集群都需要SASL身份验证?两个集群的用户名和密码不同,而我只能在java.security.auth.login.config中设置一个JAAS配置文件。

英文:

I have spring boot application which connect to my kafka cluster.
Application(as kafka client) uses SASL authentication and I specified JAAS configuration through System.setProperty() before initializing kafka producer and consumer.
It is working fine with single kafka cluster setup.

kafka_client_jaas.conf

KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="myClusterUser"
  password="user-secret";
};

MyKafkaProducer.java

…
private void init()
{
	System.setProperty("java.security.auth.login.config", "kafka_client_jaas.conf");
	…
}

Now I have a third party(someone else’s) kafka cluster which is completely disconnected from my kafka cluster. Third party kafka cluster also uses SASL authentication.

How java application can connect to two different kafka clusters and both clusters required SASL authentication?
Username and password are different for both the clusters and I can set only one JAAS config file in java.security.auth.login.config.

答案1

得分: 2

自Kafka 0.10.2版本以来,您可以使用sasl.jaas.config设置来配置每个Kafka客户端的SASL身份验证。这使得在单个JVM中运行多个具有不同(或相同)SASL配置的Kafka客户端成为可能。

要实现这一点:

  • 取消设置java.security.auth.login.config

  • 在每个Kafka客户端的属性中添加sasl.jaas.config。例如:

    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
      username="myClusterUser" \
      password="user-secret";
    

    请参阅完整详情,请查看http://kafka.apache.org/documentation.html#security_sasl_plain_clientconfig

  • MyKafkaClient.java

    import org.apache.kafka.common.config.SaslConfigs;
    private void init() {
      properties.put(SaslConfigs.SASL_JAAS_CONFIG,
      "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"myClusterUser\" password=\"user-secret\"");
    }
    
  • 删除您的JAAS文件

英文:

Since Kafka 0.10.2, you can use the sasl.jaas.config setting to configure SASL authentication per Kafka client. This enables running multiple Kafka clients with different (or the same) SASL configurations in a single JVM.

To do so:

  • Unset java.security.auth.login.config

  • In each Kafka client properties add sasl.jaas.config. For example:

    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
      username="myClusterUser" \
      password="user-secret";
    

    see http://kafka.apache.org/documentation.html#security_sasl_plain_clientconfig for the full details

  • MyKafkaClient.java

    import org.apache.kafka.common.config.SaslConfigs;
    private void init() {
      properties.put(SaslConfigs.SASL_JAAS_CONFIG,
      "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"myClusterUser\" password=\"user-secret\"");
    }
    
  • delete your JAAS file

huangapple
  • 本文由 发表于 2020年7月23日 04:22:20
  • 转载请务必保留本文链接:https://go.coder-hub.com/63042602.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定