Kafka:安全认证SASL

kafka安装部署省略…

• 首先需要在config目录下新建文件kafka_server_jaas.conf，配置如下

  KafkaServer {
      org.apache.kafka.common.security.plain.PlainLoginModule required
      username="admin"
      password="admin"
      user_admin="admin"
      user_alice="alice";
  };
  

• bin目录下kafka-run-class.sh脚本中加入如下：

  //实际就加入一行
  KAFKA_SASL_OPTS='-Djava.security.auth.login.config=/home/appuser/test/kafka_2.12-2.2.1/kafka_server_jaas.conf'
  
  # Launch mode
  if [ "x$DAEMON_MODE" = "xtrue" ]; then
    nohup $JAVA $KAFKA_HEAP_OPTS $KAFKA_JVM_PERFORMANCE_OPTS $KAFKA_GC_LOG_OPTS $KAFKA_JMX_OPTS $KAFKA_LOG4J_OPTS -cp $CLASSPATH $KAFKA_OPTS "[email protected]" > "$CONSOLE_OUTPUT_FILE" 2>&1 < /dev/null &
  else
    exec $JAVA $KAFKA_HEAP_OPTS $KAFKA_JVM_PERFORMANCE_OPTS $KAFKA_GC_LOG_OPTS $KAFKA_JMX_OPTS $KAFKA_LOG4J_OPTS -cp $CLASSPATH $KAFKA_OPTS "[email protected]"
  fi
  

• config文件夹下server.properties中加入如下配置，并启动zk和kafka(集群配置相同)

  listeners=SASL_PLAINTEXT://ip:9092
  security.inter.broker.protocol=SASL_PLAINTEXT
  sasl.enabled.mechanisms=PLAIN
  sasl.mechanism.inter.broker.protocol=PLAIN
  authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
  allow.everyone.if.no.acl.found=true
  super.users=User:admin;User:alice
  port=9092
  

• 新建文件kafka_client_jaas.conf，内容如下:

  KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="alice"
    password="alice";
  };
  

• springboot中加入如下代码：

  	static {
          System.setProperty("java.security.auth.login.config", "D:/kafka_client_jaas.conf");
      }
  	//配置中加入
  	props.put("security.protocol", "SASL_PLAINTEXT");
      props.put("sasl.mechanism", "PLAIN");