Kafka-配置Kerberos安全认证(JDK8、JDK11)_kafka kerberos认证

作者：人工智能uu | 2024-08-09 02:26:03

踩

kafka kerberos认证

一、相关配置

1、JAAS 配置文件


KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    serviceName="kafka"
    keyTab="D:/code/demo/conf/kafka.service.keytab"
    principal="kafka/hdp-1";
};

2、keytab 文件（kafka.service.keytab）

从 Kerberos 服务器上拷贝到目标机器或找运维人员要一份

3、Kerberos 配置文件（krb5.conf）

krb5文件参数说明：krb5.conf(5)

从 Kerberos 服务器上拷贝到目标机器或找运维人员要一份


# Configuration snippets may be placed in this directory as well
# JDK11此行配置要去掉
includedir /etc/krb5.conf.d/
 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
  default_realm = HADOOP.COM 
  dns_lookup_realm = false
  dns_lookup_kdc = false
  ticket_lifetime = 24h  
  renew_lifetime = 7d   
  forwardable = true
  rdns = false
  udp_preference_limit = 1
 
[realms]
 HADOOP.COM = {   
  kdc = hdp-1:88  
  admin_server = hdp-1:749
  default_domain = HADOOP.COM
 }
 
[domain_realm]
 .HADOOP.COM = HADOOP.COM 
 HADOOP.COM = HADOOP.COM

Tip：JDK11版本 sun.security.krb5.Config 类有修改，不去掉会有如下报错：

Caused by: KrbException: krb5.conf loading failed

readConfigFileLines方法：

二、修改hosts文件

192.168.16.14  hdp-1

三、根据自己的kafka版本引入依赖


        <!-- 需要引入与所安装的kafka对应版本的依赖 -->
        <dependency>
            <groupId>org.apache.kafka</groupId>
            <artifactId>kafka-clients</artifactId>
            <version>3.1.0</version>
        </dependency>

四、生产者样例代码


package com.example.demo.kafka;
 
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.Producer;
import org.apache.kafka.clients.producer.ProducerRecord;
 
import java.util.Properties;
 
/**
 * @Author: meng
 * @Version: 1.0
 */
public class ProductKafkaKerberos {
 
    public static void main(String[] args) {
        String filePath = System.getProperty("user.dir") + "\\conf\\";
        System.setProperty("java.security.auth.login.config", filePath + "kafka_client_jaas.conf");
        System.setProperty("java.security.krb5.conf", filePath + "krb5.conf");
 
        Properties props = new Properties();
        props.put("bootstrap.servers", "hdp-1:9092");
        props.put("acks", "all");
        props.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
        props.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer");
        // sasl
        props.put("jaas.enabled", true);
        props.put("sasl.mechanism", "GSSAPI");
        props.put("security.protocol", "SASL_PLAINTEXT");
        props.put("sasl.kerberos.service.name", "kafka");
 
        Producer<String, String> producer = new KafkaProducer<>(props);
        for (int i = 0; i < 3; i++) {
            producer.send(new ProducerRecord<String, String>("test", Integer.toString(i), Integer.toString(i)));
        }
        System.out.println("producer is success");
        producer.close();
    }
 
}

五、消费者样例代码


package com.example.demo.kafka;
 
import org.apache.kafka.clients.consumer.ConsumerRecord;
import org.apache.kafka.clients.consumer.ConsumerRecords;
import org.apache.kafka.clients.consumer.KafkaConsumer;
 
import java.time.Duration;
import java.util.Arrays;
import java.util.Properties;
 
/**
 * @Author: meng
 * @Version: 1.0
 */
public class ConsumertKafkaKerberos {
 
    public static void main(String[] args) {
        String filePath = System.getProperty("user.dir") + "\\conf\\";
        System.setProperty("java.security.auth.login.config", filePath + "kafka_client_jaas.conf");
        System.setProperty("java.security.krb5.conf", filePath + "krb5.conf");
 
        Properties props = new Properties();
        props.put("bootstrap.servers", "hdp-1:9092");
        props.put("group.id", "test_group");
        props.put("enable.auto.commit", "true");
        props.put("auto.commit.interval.ms", "1000");
        props.put("key.deserializer", "org.apache.kafka.common.serialization.StringDeserializer");
        props.put("value.deserializer", "org.apache.kafka.common.serialization.StringDeserializer");
        // sasl
        props.put("sasl.mechanism", "GSSAPI");
        props.put("security.protocol", "SASL_PLAINTEXT");
        props.put("sasl.kerberos.service.name", "kafka");
 
        @SuppressWarnings("resource")
        KafkaConsumer<String, String> consumer = new KafkaConsumer<String, String>(props);
        String topic = "test";
        consumer.subscribe(Arrays.asList(topic));
        while (true) {
            try {
                ConsumerRecords<String, String> records = consumer.poll(Duration.ofMillis(1000));
                for (ConsumerRecord<String, String> record : records) {
                    System.out.printf("offset = %d, partition = %d, key = %s, value = %s%n",
                            record.offset(), record.partition(), record.key(), record.value());
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
 
}

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/人工智能uu/article/detail/950991