Java Kafka“JAAS 配置中未指定登录模块”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/45756543/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Kafka "Login module not specified in JAAS config"
提问by Tomasz
I have a problem communicating with Kafka secured with saslusing console scripts. Kafka is secured with sasl, listener is SASL_PLAINTEXTand mechanism is PLAIN.
我在与sasl使用控制台脚本保护的 Kafka 通信时遇到问题。Kafka 受 保护sasl,侦听器是SASL_PLAINTEXT,机制是PLAIN。
What I did: I tried listing some data using one of kafka scripts:
我做了什么:我尝试使用 kafka 脚本之一列出一些数据:
bin/kafka-consumer-groups.sh --bootstrap-server (address) --list
However I get
但是我得到
WARN Bootstrap broker (address) disconnected (org.apache.kafka.clients.NetworkClient)
and command fails, which is understandable because it's secured with sasl.
并且命令失败,这是可以理解的,因为它是由 sasl 保护的。
So I tried how to add client username/password to that command.
First, I tried to run kafka-console-consumerscript, I used --command-configto add necessary file. I quickly discovered that I can't add jaasfile directly and I needed to use .propertiesfile, so I did.
所以我尝试了如何将客户端用户名/密码添加到该命令中。首先,我尝试运行kafka-console-consumer脚本,我用来--command-config添加必要的文件。我很快发现我不能jaas直接添加文件,我需要使用.properties文件,所以我做了。
My properties file(keep in mind that brackets indicate "censored" data, I can't put all real data here):
我的属性文件(请记住,括号表示“”数据,我不能将所有真实数据放在这里):
bootstrap.servers=(address)
zookeeper.connect=127.0.0.1:2181
zookeeper.connection.timeout.ms=6000
sasl.jaas.config=(path)/consumer_jaas.conf
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
group.id=(group)
My jaas file:
我的 jaas 文件:
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username=(username)
password=(password);
};
This jaasfile works in my standard java applications.
该jaas文件适用于我的标准 Java 应用程序。
However, when I'm trying to run either kafka-consumer-groupsscript or kafka-console-consumer, I get this error:
但是,当我尝试运行kafka-consumer-groupsscript 或 时kafka-console-consumer,出现此错误:
Exception in thread "main" org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: Login module not specified in JAAS config
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:94)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:93)
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:51)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:84)
at kafka.admin.AdminClient$.create(AdminClient.scala:229)
at kafka.admin.AdminClient$.create(AdminClient.scala:223)
at kafka.admin.AdminClient$.create(AdminClient.scala:221)
at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.createAdminClient(ConsumerGroupCommand.scala:454)
at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.<init>(ConsumerGroupCommand.scala:389)
at kafka.admin.ConsumerGroupCommand$.main(ConsumerGroupCommand.scala:65)
at kafka.admin.ConsumerGroupCommand.main(ConsumerGroupCommand.scala)
Caused by: java.lang.IllegalArgumentException: Login module not specified in JAAS config
at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:68)
at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:59)
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:85)
This jaasfile is a direct copy of a file that I'm using in java app that communicates with kafka and it works, however here, using console tools, it just doesn't work. I tried searching for a solution but I can't find anything useful.
这个jaas文件是我在与 kafka 通信的 java 应用程序中使用的文件的直接副本,它可以工作,但是在这里,使用控制台工具,它不起作用。我尝试寻找解决方案,但找不到任何有用的东西。
Can anyone help me with this?
谁能帮我这个?
采纳答案by Mickael Maison
There are 2 ways to provide the JAAS configuration to the Kafka clients.
有两种方法可以向 Kafka 客户端提供 JAAS 配置。
Via the client property:
sasl.jaas.config. In that case you set it to the actual JAAS configuration entry. For example, your configuration file becomes:bootstrap.servers=(address) zookeeper.connect=127.0.0.1:2181 zookeeper.connection.timeout.ms=6000 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)"; security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN group.id=(group)As you've already figured out, you can use
--command-configto pass a properties file tokafka-consumer-groups.sh.Via the Java property:
java.security.auth.login.config. In this case, you set it to the path of your JAAS file. Also if you set it inKAFKA_OPTS,kafka-consumer-groups.shwill pick it up automatically.export KAFKA_OPTS="-Djava.security.auth.login.config=(path)/consumer_jaas.conf"
通过客户端属性:
sasl.jaas.config. 在这种情况下,您将其设置为实际的 JAAS 配置条目。例如,您的配置文件变为:bootstrap.servers=(address) zookeeper.connect=127.0.0.1:2181 zookeeper.connection.timeout.ms=6000 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)"; security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN group.id=(group)正如您已经发现的那样,您可以使用
--command-config将属性文件传递给kafka-consumer-groups.sh.通过 Java 属性:
java.security.auth.login.config. 在这种情况下,您将其设置为 JAAS 文件的路径。此外,如果您将其设置为KAFKA_OPTS,kafka-consumer-groups.sh则会自动拾取。export KAFKA_OPTS="-Djava.security.auth.login.config=(path)/consumer_jaas.conf"
