gpt4 book ai didi

java - jaas.conf 中未选取 KafkaClient 部分

转载 作者:行者123 更新时间:2023-12-02 09:30:52 25 4
gpt4 key购买 nike

我正在尝试对 KafkaConsumer 使用 kerberos 身份验证。

为此,我添加了以下属性。

    props.put("security.protocol", "SASL_PLAINTEXT"); // Setting this means we try to look in jaas.conf
props.put("sasl.kerberos.service.name", "kafka");

但是,我收到一条错误消息:

java.lang.IllegalArgumentException: Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is /Users/jhutc/projects/molly/Monitor-Lizard-API/out/production/resources/hive_config/local/jaas.conf

完整错误:

Caused by: org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:799) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:615) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:596) ~[kafka-clients-2.0.0.jar:?]
at com.xxx.xx.moli.data.KafkaDataHelper.getConsumer(KafkaDataHelper.java:293) ~[classes/:?]
... 53 more
Caused by: java.lang.IllegalArgumentException: Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is /Users/jhutc/projects/molly/Monitor-Lizard-API/out/production/resources/hive_config/local/jaas.conf
at org.apache.kafka.common.security.JaasContext.defaultContext(JaasContext.java:133) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:98) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:84) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:119) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:65) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:88) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:713) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:615) ~[kafka-clients-2.0.0.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:596) ~[kafka-clients-2.0.0.jar:?]
at com.xxx.xx.moli.data.KafkaDataHelper.getConsumer(KafkaDataHelper.java:293) ~[classes/:?]
... 53 more

我的 jaas.conf 看起来像这样:

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="src/main/resources/hive_config/local/jhutc.keytab"
principal="jhutc@AD.company.COM"
};

com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="src/main/resources/hive_config/local/jhutc.keytab"
principal="jhutc@AD.company.COM"
debug=true;
};

任何人都可以解释为什么我收到错误,并且 KafkaClient 部分没有被选取吗?

(顺便说一句,jaas.conf 文件的第二部分正在为应用程序的不同部分正确选取。)

最佳答案

JAAS 文件的确切语法可能很难正确理解。每个 LoginModule 项之后以及每个 block 之后都需要分号。因此,您可能在 KafkaClient block 中的 principal="jhutc@AD.company.COM" 之后缺少分号。

但是,从 Kafka 0.10.2 开始,使用 sasl.jaas.config 设置来配置客户端以使用 SASL 会更容易。

文档中有一节介绍如何配置它:http://kafka.apache.org/documentation/#security_sasl_kerberos_clientconfig

例如:

props.put("sasl.jaas.config", "com.sun.security.auth.module.Krb5LoginModule required " +
"useKeyTab=true " +
"storeKey=true " +
"keyTab=\"src/main/resources/hive_config/local/jhutc.keytab\" " +
"principal=\"jhutc@AD.company.COM\";");

关于java - jaas.conf 中未选取 KafkaClient 部分,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57996781/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com