使用 Jaas 配置的 Kafka 身份验证

时间:2021-04-28 04:40:18

标签: java spring-boot spring-security apache-kafka jaas

我已在 Spring Boot 应用程序中将我的 Kafka jaas 配置设置为外部 bean,以从我的 application.yaml 文件中读取我的配置。

但是我在从 yaml 文件读取 jaas 密钥表文件时遇到错误。

面临的错误

Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner  authentication information from the user
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:918) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:738) ~[jdk.security.auth:na]
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) ~[jdk.security.auth:na]
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na]
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na]
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:103) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:112) ~[kafka-clients-2.5.1.jar:na]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.5.1.jar:na]

这就是我如何配置我的 jaas

KafkaJaasConfigurationProperty.java

@Component
@ConfigurationProperties(prefix = "kafka.jaas")
@Getter
@Setter
public class KafkaJaasConfigurationProperties {
  private Map<String, String> options;
}

应用程序.yml

kafka:
 jaas:
  options:
   useKeyTab: true
   keytab: keytab-value
   storeKey: true
   debug: true
   serviceName: kafka
   principal: pricipal-value

KafkaJaasConfigurationBean.java

@Bean
public KafkaJaasLoginModuleInitializer jaasConfig(
    KafkaJaasConfigurationProperties kafkaJaasConfigurationProperties
) throws IOException {
    var jaasConfig = new KafkaJaasLoginModuleInitializer();
    jaasConfig.setControlFlag(KafkaJaasLoginModuleInitializer.ControlFlag.REQUIRED);
    jaasConfig.setOptions(kafkaJaasConfigurationProperties.getOptions());
    return jaasConfig;
}

任何帮助将不胜感激。谢谢!

1 个答案:

答案 0 :(得分:0)

查看错误,似乎 KafkaJaasLoginModuleInitializer 没有从您提供的 jas 配置中获取密钥表文件。

我可以看到您的 jas 配置中有一个错字,即 "keytab" property value will be "keyTab"

kafka:
 jaas:
  options:
   useKeyTab: true
   keyTab: keytab-value #Try changing this
   storeKey: true
   debug: true
   serviceName: kafka
   principal: pricipal-value

我认为这应该可行,并且应该能够获取密钥表文件。

春季卡夫卡示例

但是如果您使用的是 spring kafka,您也可以直接提供 jaas 配置,而无需为 KafkaJaasLoginModuleInitializer 创建自己的 bean。

Spring kafka 示例 应用程序.yaml

spring:
  kafka:
    jaas:
      control-flag: required
      enabled: true
      login-module: com.sun.security.auth.module.Krb5LoginModule
      options:
        useKeyTab: true
        keyTab: keytab-value
        storeKey: true
        debug: true
        serviceName: kafka
        principal: pricipal-value

希望对你有帮助!!

相关问题
最新问题