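We have configured two Kafka brokers in application.yaml, one with SASL KERBEROS and the other with SASL SCRAM. When the service starts, it connects to the broker that uses SASL KERBEROS and gets the error below for the other broker (SASL SCRAM). When we configure only the one broker with SASL SCRAM in application.yaml, it connects without any errors.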
==============================================================================================
Set SASL client state to RECEIVE_APIVERSIONS_RESPONSE
main] o.a.k.c.s.a.SaslClientAuthenticator Set SASL client state to SEND_HANDSHAKE_REQUEST
main] o.a.k.c.s.a.SaslClientAuthenticator Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE
main] o.a.k.c.s.a.SaslClientAuthenticator Set SASL client state to INITIAL
main] o.apache.kafka.common.network.Selector Unexpected error from 100.76.140.194; closing connection
java.lang.NullPointerException: null
    at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.sendSaslClientToken(SaslClientAuthenticator.java:389)
    at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.sendInitialToken(SaslClientAuthenticator.java:296)
    at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.authenticate(SaslClientAuthenticator.java:237)
application.yaml
binders:
  binder1:
    type: kafka
    environment:
      spring:
        cloud:
          stream:
            kafka:
              binder:
                replication-factor: 1
                brokers: ${eventhub.broker.hosts2}
                zkNodes: ${eventhub.zookeper.hosts2}
                configuration:
                  security:
                    protocol: SASL_SSL
                  sasl:
                    mechanism: GSSAPI
                  ssl:
                    truststore:
                      location: ${eventhub.broker.cert.location2}
                      password: ${eventhub.broker.cert.password2}
                jaas:
                  options:
                    useKeyTab: true
                    storeKey: true
                    keyTab: /scratch/kafka/kafka2/krb5.keytab
                    serviceName: kafka
                    principal: kafka/XXXXXXXXXXXXXXXX.COM
              default:
                consumer:
                  autoCommitOffset: false
  binder2:
    type: kafka
    environment:
      spring:
        cloud:
          stream:
            kafka:
              binder:
                brokers: ${eventhub.broker.hosts} # 10.40.158.93:9093
                zkNodes: ${eventhub.zookeper.hosts} # 10.40.158.93:2181
                autoCreateTopics: false
                zkConnectionTimeout: 36000
                headers:
                  - event
                  - sourceSystem
                  - userId
                  - branchCode
                  - kafka_messageKey
                jaas:
                  loginModule: org.apache.kafka.common.security.scram.ScramLoginModule
                  options:
                    username: ${eventhub.broker.user}
                    password: ${eventhub.broker.password}
                configuration:
                  security:
                    protocol: SASL_SSL
                  sasl:
                    mechanism: SCRAM-SHA-256
                  ssl:
                    enabled:
                    truststore:
                      location: ${eventhub.broker.cert.location}
                      password: ${eventhub.broker.cert.password}
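When you have multiple clusters with different security contexts in a single application, you need to use the approach mentioned in KIP-85 instead of relying on setting the JAAS configuration through the binder or setting the java.security.auth.login.config property. Basically, you need to set the sasl.jaas.config property, which takes precedence over the other methods. By using sasl.jaas.config, you can override the restriction placed by the JVM, in which a JVM-wide static security context is used, thus ignoring any subsequent JAAS configurations found after the first one.
Here is a sample application that demonstrates how to connect to multiple Kafka clusters with different security contexts as a multi-binder application.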
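The approach described in the answer, applied to the two binders from the question, as an added example (this is not the sample application the answer refers to). It assumes the binder-level jaas blocks are removed and that each binder's `configuration` map is passed through to its Kafka clients; hosts, truststores, keytab path and principal are the placeholders already used in the question.

```yaml
# Added example: each binder carries its own sasl.jaas.config (KIP-85), so the
# Kerberos and SCRAM logins no longer compete for one JVM-wide JAAS context.
# All ${...} values, the keytab path and the principal are the question's placeholders.
spring:
  cloud:
    stream:
      binders:
        binder1:                          # Kerberos (GSSAPI) cluster
          type: kafka
          environment:
            spring:
              cloud:
                stream:
                  kafka:
                    binder:
                      brokers: ${eventhub.broker.hosts2}
                      configuration:
                        security.protocol: SASL_SSL
                        sasl.mechanism: GSSAPI
                        sasl.kerberos.service.name: kafka
                        sasl.jaas.config: >-
                          com.sun.security.auth.module.Krb5LoginModule required
                          useKeyTab=true storeKey=true
                          keyTab="/scratch/kafka/kafka2/krb5.keytab"
                          principal="kafka/XXXXXXXXXXXXXXXX.COM";
                        ssl.truststore.location: ${eventhub.broker.cert.location2}
                        ssl.truststore.password: ${eventhub.broker.cert.password2}
        binder2:                          # SCRAM-SHA-256 cluster
          type: kafka
          environment:
            spring:
              cloud:
                stream:
                  kafka:
                    binder:
                      brokers: ${eventhub.broker.hosts}
                      configuration:
                        security.protocol: SASL_SSL
                        sasl.mechanism: SCRAM-SHA-256
                        sasl.jaas.config: >-
                          org.apache.kafka.common.security.scram.ScramLoginModule required
                          username="${eventhub.broker.user}"
                          password="${eventhub.broker.password}";
                        ssl.truststore.location: ${eventhub.broker.cert.location}
                        ssl.truststore.password: ${eventhub.broker.cert.password}
```

Each `sasl.jaas.config` value must end with a semicolon, and the login module named in it must match that binder's `sasl.mechanism`.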