
java集成华为云kafka组件认证鉴权

华为云kafka组件我遇到的有两种类型,一个是roma,一个是mrs。两者鉴权方式虽然都是SASL,但是机制和协议不一样:roma的机制是PLAIN、协议是PLAINTEXT,mrs的机制是GSSAPI、协议为SASL_PLAINTEXT。需要注意,PLAINTEXT和SASL_PLAINTEXT都不使用TLS加密,PLAIN机制下用户名和密码会以明文在网络上传输;如果服务端提供SASL_SSL接入,应优先使用。

1、roma/kafka

1.1新增配置

# SASL/PLAIN sends the username and password unencrypted unless the connection is wrapped in TLS.
kafka.sasl.mechanism: PLAIN

# NOTE(review): a Kafka client with security.protocol=PLAINTEXT performs no SASL handshake and no TLS;
# SASL credentials need SASL_PLAINTEXT or, preferably, SASL_SSL. Confirm what the ROMA endpoint expects.
kafka.security.protocol: PLAINTEXT

2、mrs/kafka

2.1新增依赖

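<!-- Vendor build of kafka-clients for MRS. The -hw-ei version suffix indicates it is not a stock
     Apache release, so resolve it only from the repository named in the MRS documentation and
     keep the version matched to the cluster. -->
<dependency>
    <groupId>org.apache.kafka</groupId>
    <artifactId>kafka-clients</artifactId>
    <version>2.4.0-hw-ei-302002</version>
</dependency>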

2.2新增配置

# GSSAPI selects Kerberos authentication.
kafka.sasl.mechanism: GSSAPI

# SASL_PLAINTEXT authenticates the client but leaves the traffic unencrypted; use SASL_SSL where
# the cluster offers it.
# NOTE(review): this key has no "kafka." prefix while the mechanism key above does; confirm which
# keys the application actually binds.
security.protocol: SASL_PLAINTEXT

# Placeholder domain; replace with the value from the cluster's configuration.
kerberos.domain.name: hadoop.xxxxxxxxx.com

# Must match the primary of the broker's Kerberos service principal.
sasl.kerberos.service.name: kafka

2.3增加配置类

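/**
 * Spring configuration that triggers the Kerberos client setup for MRS Kafka once this bean
 * has been constructed.
 */
@Configuration
public class kafkaConfig {

    // Kerberos principal used for the keytab login.
    // NOTE(review): hard-coded sample value; load it from externalized configuration.
    private String username = "test";

    // Path of the krb5 configuration file passed to kerbrosLogin.
    private String krb5File = "/krb5.conf";

    // A keytab holds the principal's long-term keys and is equivalent to its password: keep it
    // readable by the service account only, and out of source control and container images.
    private String userKeytabFile = "/rmc.keytab";

    /** Runs the Kerberos preparation once Spring has constructed this bean. */
    @PostConstruct
    public void init() {
        // The method is declared as kerbrosLogin; the original call was spelled keybrosLogin
        // and would not compile.
        KafkaSecurityPrepare.kerbrosLogin(username, krb5File, userKeytabFile);
    }
}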

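/** Entry point that prepares the JVM-wide Kerberos settings used by the Kafka client. */
public class KafkaSecurityPrepare {

    /**
     * Registers the krb5 configuration, the ZooKeeper server principal and the JAAS login
     * configuration for a keytab-based login.
     *
     * @param username Kerberos principal to log in as
     * @param krb5File path of the krb5.conf file
     * @param userKeytabFile path of the principal's keytab file
     */
    public static void kerbrosLogin(String username, String krb5File, String userKeytabFile) {
        // NOTE(review): the original called KafkaLoginUtil, but the helper class in this listing
        // is KafkaConfigUtil; the calls below use the class that is actually defined.
        KafkaConfigUtil.setKrb5Config(krb5File);

        // NOTE(review): confirm KafkaConfigUtil provides setZookeeperServerPrincipal. The
        // principal is realm-specific; take it from the cluster's configuration rather than
        // hard-coding it.
        KafkaConfigUtil.setZookeeperServerPrincipal("zookeeper/hadoop.hadoop.com");

        // The original passed an undeclared variable named keytab; the keytab path parameter
        // is what setJaasFile needs.
        KafkaConfigUtil.setJaasFile(username, userKeytabFile);
    }
}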

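/** Helpers that set the JVM-wide Kerberos and JAAS configuration for the Kafka client. */
public class KafkaConfigUtil {

    /**
     * Sets the {@code java.security.krb5.conf} system property.
     *
     * @param krb5ConfigFile path of the krb5.conf file
     */
    public static void setKrb5Config(String krb5ConfigFile) {
        System.setProperty("java.security.krb5.conf", krb5ConfigFile);
    }

    /**
     * Writes a JAAS configuration with one entry per {@code Module} constant and registers it
     * with the JVM.
     *
     * @param principal Kerberos principal written into every entry
     * @param keytabPath path of the keytab file written into every entry
     * @throws java.io.UncheckedIOException if the file cannot be written
     */
    public static void setJaasFile(String principal, String keytabPath) {
        // The original concatenated the directory and file name without a separator and read
        // the property "user,name" (comma), which resolves to null.
        // NOTE(review): this is a predictable name in the shared temp directory; on multi-user
        // hosts prefer a directory that only the service account can write to.
        String jaasPath = new File(System.getProperty("java.io.tmpdir"))
                + File.separator
                + System.getProperty("user.name")
                + ".jaas.conf";

        // NOTE(review): Module is an enum that this listing does not show (java.lang.Module has
        // no values()); each constant's getName() becomes a JAAS entry name.
        StringBuilder builder = new StringBuilder();
        for (Module module : Module.values()) {
            builder.append(getModuleContext(principal, keytabPath, module));
        }

        // try-with-resources closes the writer even when the write fails; the original never
        // closed it and did not handle the checked IOException.
        try (FileWriter writer = new FileWriter(new File(jaasPath))) {
            writer.write(builder.toString());
            writer.flush();
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException("Failed to write JAAS file " + jaasPath, e);
        }

        // The listing wrote the file but never registered it; without this property the JVM
        // does not load the generated file as its login configuration.
        System.setProperty("java.security.auth.login.config", jaasPath);
    }

    /**
     * Builds one JAAS entry for the given module, using the Krb5LoginModule class and option
     * names of the running JVM's vendor.
     *
     * @param principal Kerberos principal
     * @param keytabPath path of the keytab file
     * @param module module whose name becomes the entry name
     * @return the entry text, terminated by a line separator
     */
    private static String getModuleContext(String principal, String keytabPath, Module module) {
        StringBuilder builder = new StringBuilder();
        String line = System.getProperty("line.separator");

        builder.append(module.getName()).append(" {").append(line);
        if (System.getProperty("java.vendor").contains("IBM")) {
            builder.append("com.ibm.security.auth.module.Krb5LoginModule required").append(line);
            builder.append("credsType=both").append(line);
            builder.append("principal= \"" + principal + "\"").append(line);
            // The IBM module's option is useKeytab; the original wrote userKeytab.
            builder.append("useKeytab= \"" + keytabPath + "\"").append(line);
        } else {
            builder.append("com.sun.security.auth.module.Krb5LoginModule required").append(line);
            // Option names are case-sensitive: useKeyTab, keyTab and useTicketCache. The
            // original's userKeytab, keytab and userTicketCache are not recognized by the
            // module, so the keytab login would not be configured.
            builder.append("useKeyTab=true").append(line);
            builder.append("principal= \"" + principal + "\"").append(line);
            builder.append("keyTab= \"" + keytabPath + "\"").append(line);
            builder.append("useTicketCache=false").append(line);
            builder.append("storeKey=true").append(line);
        }
        // NOTE(review): debug=true makes the login module print login details to standard
        // output; switch it off outside troubleshooting.
        builder.append("debug= true;").append(line);
        builder.append("};").append(line);

        return builder.toString();
    }
}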

