Enabling SASL_PLAINTEXT authentication in Kafka:
Run the following command to stop Kafka:
bin/kafka-server-stop.sh
Run the following command to stop ZooKeeper:
bin/zookeeper-server-stop.sh
Change to the config directory and add the following configuration files:
cd config
(1) touch kafka_server_jaas.conf
Configure it as follows:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_alice="alice";
};
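In the KafkaServer section, username and password are the credentials the broker uses to initiate connections to other brokers; in the configuration above, the admin user is used for inter-broker communication.
Each user_userName entry defines the password of a user that may connect to the broker. The broker validates all client connections against these entries, including connections from other brokers. The user_userName entries must include the admin user, otherwise an error is reported.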
(2) touch kafka_client_jaas.conf
Configure it as follows:
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};
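In the KafkaClient section, username and password are the credentials the client uses to connect to the broker; in the configuration above, the client connects to the broker as the admin user.
Edit the server.properties configuration file: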
listeners=SASL_PLAINTEXT://:9092
# Security protocol used for inter-broker communication
security.inter.broker.protocol=SASL_PLAINTEXT
# SASL mechanisms
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
# Class that performs authorization (ACL checks)
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
# If no ACL (access control list) configuration is found, allow any operation.
#allow.everyone.if.no.acl.found=true
super.users=User:admin
Edit the consumer and producer configuration files, consumer.properties and producer.properties, and add the following to each:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
Change to the bin directory under the Kafka directory:
cd ..
cd bin
The JAAS file is passed to each broker as a JVM parameter. Add the following line to the kafka-server-start.sh script (it can go at the very top):
export KAFKA_OPTS=" -Djava.security.auth.login.config=/usr/local/kafka/config/kafka_server_jaas.conf"
Add the following to kafka-console-consumer.sh and kafka-console-producer.sh:
export KAFKA_OPTS=" -Djava.security.auth.login.config=/usr/local/kafka/config/kafka_client_jaas.conf"
Start ZooKeeper and Kafka (run from the Kafka root directory):
bin/zookeeper-server-start.sh config/zookeeper.properties &    # & runs the process in the background
bin/kafka-server-start.sh config/server.properties &
application.yml:
# In a Spring Boot application.yml this block sits under the top-level spring: key.
kafka:
  template:
    default-topic: myTopic2
  producer:
    bootstrap-servers: ip:port
    # A producer is configured with serializers, not deserializers.
    key-serializer: org.apache.kafka.common.serialization.StringSerializer
    value-serializer: org.apache.kafka.common.serialization.StringSerializer
    properties:
      sasl.mechanism: PLAIN
      security.protocol: SASL_PLAINTEXT
  consumer:
    bootstrap-servers: ip:port
    group-id: group-1
    key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
    value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
    properties:
      sasl.mechanism: PLAIN
      security.protocol: SASL_PLAINTEXT
Application class:
static {
    // Point the JVM at the client JAAS file before any Kafka client is created.
    System.setProperty("java.security.auth.login.config", "xx/kafka_client_jaas.conf");
}
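The rule stated above for kafka_server_jaas.conf (the inter-broker username must also appear as a user_userName entry) can be checked before the broker is started. The following Python check is an added example, not part of the original page or of Kafka; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample that mirrors the KafkaServer section shown on this page.
SAMPLE = '''
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin"
    user_admin="admin"
    user_alice="alice";
};
'''

def parse_jaas_section(text, section):
    """Return the key="value" options of one JAAS section as a dict."""
    match = re.search(r'\b%s\s*\{(.*?)\}\s*;' % re.escape(section), text, re.S)
    if match is None:
        raise ValueError("JAAS section %r not found" % section)
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', match.group(1)))

def check_kafka_server(text):
    """List problems that would stop brokers authenticating to each other."""
    opts = parse_jaas_section(text, "KafkaServer")
    user, password = opts.get("username"), opts.get("password")
    if user is None or password is None:
        return ["username/password for inter-broker login is missing"]
    problems = []
    entry = opts.get("user_" + user)
    if entry is None:
        problems.append("no user_%s entry for the inter-broker user" % user)
    elif entry != password:
        problems.append("user_%s does not match password" % user)
    return problems

def client_users(text):
    """Names of the accounts the broker will accept (the user_<name> keys)."""
    opts = parse_jaas_section(text, "KafkaServer")
    return sorted(k[len("user_"):] for k in opts if k.startswith("user_"))

if __name__ == "__main__":
    print(check_kafka_server(SAMPLE) or "KafkaServer section is consistent")
    print("accepted users:", client_users(SAMPLE))
```

To check a real file, pass its contents to check_kafka_server in place of SAMPLE.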