Java Spring boot application.yml 中的 Spring Kafka SSL 设置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/51200107/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Kafka SSL setup in Spring boot application.yml
提问by Justin
I am trying to setup a Spring Boot Application with a Kafka Client to use SSL. I have my keystore.jks and truststore.jks stored on a filesystem(on a docker container) because of this: https://github.com/spring-projects/spring-kafka/issues/710
我正在尝试使用 Kafka 客户端设置 Spring Boot 应用程序以使用 SSL。因此,我将 keystore.jks 和 truststore.jks 存储在文件系统(在 docker 容器上)中:https: //github.com/spring-projects/spring-kafka/issues/710
Here is my application.yml:
这是我的 application.yml:
spring:
kafka:
ssl:
key-password: pass
keystore-location: /tmp/kafka.client.keystore.jks
keystore-password: pass
truststore-location: /tmp/kafka.client.truststore.jks
truststore-password: pass
But when I start the application ( in a docker container) it says:
但是当我启动应用程序(在 docker 容器中)时,它说:
Caused by: java.lang.IllegalStateException: Resource 'class path resource [tmp/kafka.client.keystore.jks]' must be on a file system
[..]
Caused by: java.io.FileNotFoundException: class path resource [tmp/kafka.client.keystore.jks] cannot be resolved to URL because it does not exist
I checked on the container and the .jks are there in /tmp .
我检查了容器,.jks 在 /tmp 中。
I cannot understand how to pass .jks to spring boot.
我无法理解如何将 .jks 传递给 Spring Boot。
UPDATE 06/07/2018
更新06/07/2018
This is my dockerfile
这是我的 dockerfile
FROM openjdk:8-jdk-alpine
VOLUME /tmp
COPY ssl/kafka.client.keystore.jks /tmp
COPY ssl/kafka.client.truststore.jks /tmp
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
采纳答案by Deadpool
According to discussion and to enable kafka ssl configuration, first need to enable and set ssl properties in consumerFactory
根据讨论和启用kafka ssl配置,首先需要在consumerFactory中启用和设置ssl属性
@Bean
public ConsumerFactory<String, ReportingTask> consumerFactory() {
Map<String, Object> props = new HashMap<>();
props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrapServers);
props.put(ConsumerConfig.GROUP_ID_CONFIG, groupId);
props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, JsonSerializable.class);
props.put(ConsumerConfig.CLIENT_ID_CONFIG, clientId);
props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, enableAutoCommit);
props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, autoCommitInterval);
props.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG, sessionTimeout);
props.put(ConsumerConfig.MAX_POLL_RECORDS_CONFIG, maxRecords);
props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, offSet);
if (sslEnabled) {
props.put("security.protocol", "SSL");
props.put("ssl.truststore.location", trustStoreLocation);
props.put("ssl.truststore.password", trustStorePassword);
props.put("ssl.key.password", keyStorePassword);
props.put("ssl.keystore.password", keyStorePassword);
props.put("ssl.keystore.location", keyStoreLocation);
}
return new DefaultKafkaConsumerFactory<>(props, new StringDeserializer(), new JsonDeserializer<>(Task.class));
}
And copy the certificates into docker container
并将证书复制到docker容器中
COPY ssl/stage/* /var/lib/kafka/stage/
回答by Cameron Sours
If anyone is still looking at this, try prepending file:// to the file path:
如果有人仍在查看此内容,请尝试在文件路径前添加 file://:
truststorelocation: "file:///tmp/kafka.client.keystore.jks"
The error is complaining about the lack of a URL - adding a protocol (file://) makes the path a URL (speaking very basically)
错误是抱怨缺少 URL - 添加协议 (file://) 使路径成为 URL(基本上来说)
