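我遇到的华为云 Kafka 组件有两种类型:一个是 ROMA,一个是 MRS。两者的鉴权方式虽然都是 SASL,但机制和协议不一样:ROMA 的机制是 PLAIN、协议是 PLAINTEXT;MRS 的机制是 GSSAPI(Kerberos)、协议是 SASL_PLAINTEXT。需要注意,这两种协议都不对传输内容加密:SASL_PLAINTEXT 只做认证,PLAIN 机制下的用户名和密码会以明文在网络上传输,因此只适合在可信内网中使用;如果服务端提供了 SASL_SSL 端口,应优先使用。另外,在标准 Apache Kafka 客户端中,协议为 PLAINTEXT 时不会进行 SASL 认证,sasl.mechanism 不会生效,请以 ROMA 实例的实际接入要求为准。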
1、roma/kafka
1.1新增配置
kafka.sasl.mechanism: PLAIN
kafka.security.protocol: PLAINTEXT
2、mrs/kafka
2.1新增依赖
<dependency>
    <groupId>org.apache.kafka</groupId>
    <artifactId>kafka-clients</artifactId>
    <version>2.4.0-hw-ei-302002</version>
</dependency>
2.2新增配置
kafka.sasl.mechanism: GSSAPI
security.protocol: SASL_PLAINTEXT
kerberos.domain.name: hadoop.xxxxxxxxx.com
sasl.kerberos.service.name: kafka
2.3增加配置类
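/**
 * Spring configuration that prepares the JVM-wide Kerberos settings needed by the
 * MRS Kafka client (SASL mechanism GSSAPI).
 *
 * <p>The preparation runs once, after the bean has been constructed, through the
 * {@code @PostConstruct} hook.
 */
@Configuration
public class kafkaConfig {
    // Sample values. In a real deployment these are presumably injected from
    // external configuration rather than hard-coded -- TODO confirm.
    private String username = "test";
    private String krb5File = "/krb5.conf";
    // The keytab holds the long-term key of the principal above: anyone who can read
    // it can authenticate as that principal. Keep it readable only by the service
    // account and out of source control and shared images.
    private String userKeytabFile = "/rmc.keytab";

    /**
     * Hands the principal, krb5.conf path and keytab path to
     * {@code KafkaSecurityPrepare.kerbrosLogin}.
     */
    @PostConstruct
    public void init() {
        // The original listing called "keybrosLogin", which does not match the
        // method name declared in KafkaSecurityPrepare.
        KafkaSecurityPrepare.kerbrosLogin(username, krb5File, userKeytabFile);
    }
}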
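/**
 * Entry point that applies the Kerberos-related settings for the Kafka client.
 */
public class KafkaSecurityPrepare {
    /**
     * Sets the krb5.conf location, the ZooKeeper server principal and the JAAS file.
     *
     * @param username       Kerberos principal written into the JAAS file
     * @param krb5File       path of the krb5.conf file
     * @param userKeytabFile path of the keytab belonging to {@code username}
     */
    public static void kerbrosLogin(String username, String krb5File, String userKeytabFile) {
        // The helper class is listed on this page as KafkaConfigUtil; the original
        // call sites used "KafkaLoginUtil", which is not defined here.
        KafkaConfigUtil.setKrb5Config(krb5File);
        // NOTE(review): this principal is hard-coded and presumably has to match the
        // cluster's Kerberos domain (compare kerberos.domain.name in the client
        // configuration) -- confirm against the target cluster.
        KafkaConfigUtil.setZookeeperServerPrincipal("zookeeper/hadoop.hadoop.com");
        // The original passed an undefined variable "keytab"; the keytab path
        // parameter of this method is userKeytabFile.
        KafkaConfigUtil.setJaasFile(username, userKeytabFile);
    }
}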
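/**
 * Helpers that set the JVM system properties and the JAAS login file used for
 * Kerberos (GSSAPI) authentication of the Kafka client.
 *
 * <p>{@code Module} is an enum declared elsewhere in the project (not shown on this
 * page); its {@code getName()} supplies the name of each JAAS section.
 */
public class KafkaConfigUtil {
    /**
     * Points the JVM at the given krb5.conf file.
     *
     * @param krb5ConfigFile path of the krb5.conf file
     */
    public static void setKrb5Config(String krb5ConfigFile) {
        System.setProperty("java.security.krb5.conf", krb5ConfigFile);
    }

    /**
     * Sets the Kerberos principal the ZooKeeper client expects the server to use.
     *
     * <p>This method is called by the login code on this page, but its body was not
     * part of the original listing.
     *
     * @param zkServerPrincipal ZooKeeper server principal
     */
    public static void setZookeeperServerPrincipal(String zkServerPrincipal) {
        System.setProperty("zookeeper.server.principal", zkServerPrincipal);
    }

    /**
     * Writes a JAAS file with one section per {@code Module} value and registers it
     * as the JVM's login configuration.
     *
     * @param principal  Kerberos principal to log in as
     * @param keytabPath path of the keytab holding the key of {@code principal}
     * @throws java.io.UncheckedIOException if the JAAS file cannot be written
     */
    public static void setJaasFile(String principal, String keytabPath) {
        // Fixes against the original listing: the property name is "user.name" (not
        // "user,name"), and a path separator is needed between the temp directory
        // and the file name.
        //
        // The file lands in the shared temp directory under a predictable name. It
        // decides which principal and keytab the JVM logs in with, so on multi-user
        // hosts use a directory that only the service account can write to.
        String jaasPath = new File(System.getProperty("java.io.tmpdir"))
                + File.separator + System.getProperty("user.name") + ".jaas.conf";

        StringBuilder builder = new StringBuilder();
        for (Module module : Module.values()) {
            builder.append(getModuleContext(principal, keytabPath, module));
        }

        // try-with-resources closes the writer even when the write fails.
        try (FileWriter writer = new FileWriter(new File(jaasPath))) {
            writer.write(builder.toString());
            writer.flush();
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException("Failed to write JAAS file " + jaasPath, e);
        }

        // Without this property the JVM never reads the file written above.
        System.setProperty("java.security.auth.login.config", jaasPath);
    }

    /**
     * Builds the JAAS section for one module, using the IBM or the Sun/Oracle
     * Krb5LoginModule depending on the {@code java.vendor} system property.
     *
     * <p>{@code principal} and {@code keytabPath} are inserted between double quotes
     * without escaping, so they must not contain a double quote themselves.
     */
    private static String getModuleContext(String principal, String keytabPath, Module module) {
        StringBuilder builder = new StringBuilder();
        String line = System.getProperty("line.separator");
        if (System.getProperty("java.vendor").contains("IBM")) {
            builder.append(module.getName()).append(" {").append(line);
            builder.append("com.ibm.security.auth.module.Krb5LoginModule required").append(line);
            builder.append("credsType=both").append(line);
            builder.append("principal= \"" + principal + "\"").append(line);
            // The IBM module's option is "useKeytab" (the listing had "userKeytab").
            builder.append("useKeytab= \"" + keytabPath + "\"").append(line);
            // debug=true makes the login module print Kerberos login details;
            // turn it off once the setup works.
            builder.append("debug= true;").append(line);
            builder.append("};").append(line);
        } else {
            builder.append(module.getName()).append(" {").append(line);
            builder.append("com.sun.security.auth.module.Krb5LoginModule required").append(line);
            // Option names of the Sun/Oracle module are case-sensitive: useKeyTab,
            // keyTab and useTicketCache (the listing had userKeytab, keytab and
            // userTicketCache).
            builder.append("useKeyTab=true").append(line);
            builder.append("principal= \"" + principal + "\"").append(line);
            builder.append("keyTab= \"" + keytabPath + "\"").append(line);
            builder.append("useTicketCache=false").append(line);
            builder.append("storeKey=true").append(line);
            // debug=true makes the login module print Kerberos login details;
            // turn it off once the setup works.
            builder.append("debug= true;").append(line);
            builder.append("};").append(line);
        }
        return builder.toString();
    }
}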