authentication - Kafka认证Producer无法连接Producer

标签 authentication apache-kafka

我正在尝试复制 SASL_PLAIN 或 SASL_SSL 身份验证,描述于:http://docs.confluent.io/3.0.0/kafka/sasl.html#sasl-configuration-for-kafka-brokers

在 config/server.properties 中,我添加了以下 4 行:

listeners=SASL_SSL://localhost:9092
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN

在 config/producer.properties 中,我添加了以下两行:
security.protocol=SASL_SSL
sasl.mechanism=PLAIN

然后我在服务器终端中设置以下环境变量:
KAFKA_OPTS=/home/kafka/kafka_server_jaas.conf

该文件具有以下内容:
KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret"
   user_alice="alice-secret";
};

在生产者终端中,我定义了以下环境变量:
KAFKA_OPTS=/home/kafka/kafka_client_jaas.conf

这个文件有以下内容:
KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="alice"
  password="alice-dsecret";
};

我使用以下命令启动服务器:
./bin/kafka-server-start.sh   config/server.properties

生产者使用以下命令:
bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test

两者都开始没有问题。但是,只要我在生产者控制台上输入一些内容,我就会收到以下不断滚动的消息:
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)

如果我从服务器和生产者配置中删除安全配置,一切都会按预期工作。我正在使用 Kafka 0.10.0.1。

更新:
我做了更多调查,将服务器上的日志级别设置为 DEBUG 会发现一些奇怪的东西。一旦我在 server.properties 中指定了 listeners 字段,服务器就会进入一个奇怪的状态。它与自己建立连接,但无法进行身份验证。本例中的协议(protocol)是 SASL_PLAINTEXT。

日志如下:
2016-09-15 21:43:02 DEBUG SaslClientAuthenticator:204 - Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE
2016-09-15 21:43:02 DEBUG NetworkClient:476 - Completed connection to node 0
2016-09-15 21:43:02 DEBUG Acceptor:52 - Accepted connection from /127.0.0.1 on /127.0.0.1:9092. sendBufferSize [actual|requested]: [102400|102400] recvBufferSize [actual|requested]: [102400|102400]
2016-09-15 21:43:02 DEBUG Processor:52 - Processor 2 listening to new connection from /127.0.0.1:42815
2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:269 - Set SASL server state to HANDSHAKE_REQUEST
2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:310 - Handle Kafka request SASL_HANDSHAKE
2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:354 - Using SASL mechanism 'PLAIN' provided by client
2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:269 - Set SASL server state to AUTHENTICATE
2016-09-15 21:43:02 DEBUG SaslClientAuthenticator:204 - Set SASL client state to INITIAL
2016-09-15 21:43:02 DEBUG SaslClientAuthenticator:204 - Set SASL client state to INTERMEDIATE
2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:269 - Set SASL server state to FAILED
2016-09-15 21:43:02 DEBUG Selector:345 - Connection with /127.0.0.1 disconnected
java.io.IOException: javax.security.sasl.SaslException: Authentication failed: Invalid JAAS configuration [Caused by     javax.security.sasl.SaslException: Authentication failed: Invalid username or password]
at org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:243)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:318)
at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
at kafka.network.Processor.poll(SocketServer.scala:472)

绝对没有其他客户端或服务器在运行。这是一台服务器自言自语。

有什么想法吗?

最佳答案

帮助来自 Kafka 论坛。见 http://mail-archives.apache.org/mod_mbox/kafka-users/201609.mbox/%3CCAHX2Snk11vg7DXNVUr9oE97ikFSQUoT3kBLAxYymEDj7E14XrQ%40mail.gmail.com%3E

我的凭据错误。他们是:

KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="alice-secret"
   user_alice="alice-secret";
};

代替:
KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret"
   user_alice="alice-secret";
};

此外,需要在某个特定时间调用控制台使用者。首先应该提供标志--new-consumer。其次,应指定引导服务器。导致:
bin/kafka-console-consumer.sh --new-consumer  --zookeeper localhost:2181 --topic test --from-beginning --consumer.config=config/consumer.properties  --bootstrap-server=localhost:9092

关于authentication - Kafka认证Producer无法连接Producer,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39521691/

上一篇:javascript - 在对象内部创建方法时出现意外标记 'this'

下一篇:authentication - 使用 django allauth 注册自定义用户

相关文章:

sql - 通过电子邮件链接恢复密码的数据库表

java - 使用 Android 应用程序将视频上​​传到 YouTube 时的身份验证问题

java - 使用 Spark 在 Kafka 上发布消息

spring - 使用消息系统的 2 个应用程序之间的交互

apache-kafka - ConcurrentKafkaListenerContainerFactory 中 kafka.concurrency 的默认值是多少?

java - TargetAuthenticationStrategy,更改优先顺序

apache - Wicket 口身份验证/登录

ios - 无法通过 openActiveSessionWithReadPermissions 对 Facebook 测试用户完成请求(错误代码 7)

java - 如何创建 Cassandra ITrigger 析构函数?

java - 如何连接两个 Kafka 流,每个流都有多个分区?

©2024 IT工具网  联系我们