How to configure the SASL_SSL security protocol on Spring Cloud Kafka?


I have this application.yml configuration:

spring:
  cloud:
    stream:
      bindings:
        kafkaDemoTopic:
          destination: kafka_demo_topic
    kafka:
       binder:
           autoAddPartitions: true
           brokers: localhost:9092
           autoCreateTopics: false
           configuration:
            security:
                protocol: SASL_SSL
            sasl:
             jaas:
              config: org.apache.kafka.common.security.scram.ScramLoginModule required username="user"  password="sepultura1";

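I need to enable the SASL_SSL security protocol, but when I start the application with this configuration, the SASL_SSL protocol is not there, and in the application log I see: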

security.protocol = PLAINTEXT

The full log is here:

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v3.2.0)

2023-12-18T00:20:29.697+01:00  INFO 11008 --- [           main] o.h.kafka.demo.KafkaDemoApplication      : Starting KafkaDemoApplication using Java 17.0.8.1 with PID 11008 (C:\java_projects\kafka_demo\target\classes started by maxca in C:\java_projects\kafka_demo)
2023-12-18T00:20:29.707+01:00  INFO 11008 --- [           main] o.h.kafka.demo.KafkaDemoApplication      : No active profile set, falling back to 1 default profile: "default"
2023-12-18T00:20:30.568+01:00  INFO 11008 --- [           main] faultConfiguringBeanFactoryPostProcessor : No bean named 'errorChannel' has been explicitly defined. Therefore, a default PublishSubscribeChannel will be created.
2023-12-18T00:20:30.584+01:00  INFO 11008 --- [           main] faultConfiguringBeanFactoryPostProcessor : No bean named 'integrationHeaderChannelRegistry' has been explicitly defined. Therefore, a default DefaultHeaderChannelRegistry will be created.
2023-12-18T00:20:32.388+01:00  INFO 11008 --- [           main] o.s.i.endpoint.EventDrivenConsumer       : Adding {logging-channel-adapter:_org.springframework.integration.errorLogger} as a subscriber to the 'errorChannel' channel
2023-12-18T00:20:32.389+01:00  INFO 11008 --- [           main] o.s.i.channel.PublishSubscribeChannel    : Channel 'application.errorChannel' has 1 subscriber(s).
2023-12-18T00:20:32.390+01:00  INFO 11008 --- [           main] o.s.i.endpoint.EventDrivenConsumer       : started bean '_org.springframework.integration.errorLogger'
sending messageMessage [id=0, uuid=a1af3bd1-11fb-40a0-82b0-99a1514773bf, date=2023-12-18 00:20:32]
2023-12-18T00:20:32.424+01:00  INFO 11008 --- [           main] o.h.kafka.demo.KafkaDemoApplication      : Started KafkaDemoApplication in 3.557 seconds (process running for 4.135)
2023-12-18T00:20:32.484+01:00  INFO 11008 --- [   scheduling-1] o.s.c.s.binder.DefaultBinderFactory      : Creating binder: kafka
2023-12-18T00:20:32.485+01:00  INFO 11008 --- [   scheduling-1] o.s.c.s.binder.DefaultBinderFactory      : Constructing binder child context for kafka
2023-12-18T00:20:32.609+01:00  INFO 11008 --- [   scheduling-1] o.s.c.s.binder.DefaultBinderFactory      : Caching the binder: kafka
2023-12-18T00:20:32.622+01:00  INFO 11008 --- [   scheduling-1] o.s.c.s.b.k.p.KafkaTopicProvisioner      : Using kafka topic for outbound: kafka_demo_topic
2023-12-18T00:20:32.627+01:00  INFO 11008 --- [   scheduling-1] o.a.k.clients.admin.AdminClientConfig    : AdminClientConfig values: 
    auto.include.jmx.reporter = true
    bootstrap.servers = [localhost:9092]
    client.dns.lookup = use_all_dns_ips
    client.id = 
    connections.max.idle.ms = 300000
    default.api.timeout.ms = 60000
    metadata.max.age.ms = 300000
    metric.reporters = []
    metrics.num.samples = 2
    metrics.recording.level = INFO
    metrics.sample.window.ms = 30000
    receive.buffer.bytes = 65536
    reconnect.backoff.max.ms = 1000
    reconnect.backoff.ms = 50
    request.timeout.ms = 30000
    retries = 2147483647
    retry.backoff.ms = 100
    sasl.client.callback.handler.class = null
    sasl.jaas.config = null
    sasl.kerberos.kinit.cmd = /usr/bin/kinit
    sasl.kerberos.min.time.before.relogin = 60000
    sasl.kerberos.service.name = null
    sasl.kerberos.ticket.renew.jitter = 0.05
    sasl.kerberos.ticket.renew.window.factor = 0.8
    sasl.login.callback.handler.class = null
    sasl.login.class = null
    sasl.login.connect.timeout.ms = null
    sasl.login.read.timeout.ms = null
    sasl.login.refresh.buffer.seconds = 300
    sasl.login.refresh.min.period.seconds = 60
    sasl.login.refresh.window.factor = 0.8
    sasl.login.refresh.window.jitter = 0.05
    sasl.login.retry.backoff.max.ms = 10000
    sasl.login.retry.backoff.ms = 100
    sasl.mechanism = GSSAPI
    sasl.oauthbearer.clock.skew.seconds = 30
    sasl.oauthbearer.expected.audience = null
    sasl.oauthbearer.expected.issuer = null
    sasl.oauthbearer.jwks.endpoint.refresh.ms = 3600000
    sasl.oauthbearer.jwks.endpoint.retry.backoff.max.ms = 10000
    sasl.oauthbearer.jwks.endpoint.retry.backoff.ms = 100
    sasl.oauthbearer.jwks.endpoint.url = null
    sasl.oauthbearer.scope.claim.name = scope
    sasl.oauthbearer.sub.claim.name = sub
    sasl.oauthbearer.token.endpoint.url = null
    security.protocol = PLAINTEXT
    security.providers = null
    send.buffer.bytes = 131072
    socket.connection.setup.timeout.max.ms = 30000
    socket.connection.setup.timeout.ms = 10000
    ssl.cipher.suites = null
    ssl.enabled.protocols = [TLSv1.2, TLSv1.3]
    ssl.endpoint.identification.algorithm = https
    ssl.engine.factory.class = null
    ssl.key.password = null
    ssl.keymanager.algorithm = SunX509
    ssl.keystore.certificate.chain = null
    ssl.keystore.key = null
    ssl.keystore.location = null
    ssl.keystore.password = null
    ssl.keystore.type = JKS
    ssl.protocol = TLSv1.3
    ssl.provider = null
    ssl.secure.random.implementation = null
    ssl.trustmanager.algorithm = PKIX
    ssl.truststore.certificates = null
    ssl.truststore.location = null
    ssl.truststore.password = null
    ssl.truststore.type = JKS

2023-12-18T00:20:32.837+01:00  INFO 11008 --- [   scheduling-1] o.a.kafka.common.utils.AppInfoParser     : Kafka version: 3.6.0
2023-12-18T00:20:32.839+01:00  INFO 11008 --- [   scheduling-1] o.a.kafka.common.utils.AppInfoParser     : Kafka commitId: 60e845626d8a465a
2023-12-18T00:20:32.839+01:00  INFO 11008 --- [   scheduling-1] o.a.kafka.common.utils.AppInfoParser     : Kafka startTimeMs: 1702855232835
2023-12-18T00:20:33.417+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Node -1 disconnected.
2023-12-18T00:20:33.420+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Cancelled in-flight API_VERSIONS request with correlation id 0 due to node -1 being disconnected (elapsed time since creation: 551ms, elapsed time since send: 551ms, request timeout: 3600000ms)
2023-12-18T00:20:33.616+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Node -1 disconnected.
2023-12-18T00:20:33.616+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Cancelled in-flight API_VERSIONS request with correlation id 1 due to node -1 being disconnected (elapsed time since creation: 85ms, elapsed time since send: 85ms, request timeout: 3600000ms)
2023-12-18T00:20:33.838+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Node -1 disconnected.
2023-12-18T00:20:33.839+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Cancelled in-flight API_VERSIONS request with correlation id 2 due to node -1 being disconnected (elapsed time since creation: 104ms, elapsed time since send: 104ms, request timeout: 3600000ms)
2023-12-18T00:20:34.162+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Node -1 disconnected.
2023-12-18T00:20:34.162+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Cancelled in-flight API_VERSIONS request with correlation id 3 due to node -1 being disconnected (elapsed time since creation: 101ms, elapsed time since send: 101ms, request timeout: 3600000ms)
2023-12-18T00:20:34.783+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Node -1 disconnected.
2023-12-18T00:20:34.784+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Cancelled in-flight API_VERSIONS request with correlation id 4 due to node -1 being disconnected (elapsed time since creation: 77ms, elapsed time since send: 77ms, request timeout: 3600000ms)
2023-12-18T00:20:35.857+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Node -1 disconnected.
2023-12-18T00:20:35.858+01:00  INFO 11008 --- [| adminclient-1] org.apache.kafka.clients.NetworkClient   : [AdminClient clientId=adminclient-1] Cancelled in-flight API_VERSIONS request with correlation id 5 due to node -1 being disconnected (elapsed time since creation: 92ms, elapsed time since send: 92ms, request timeout: 3600000ms)

Can someone tell me how to enable SASL_SSL? I tried googling it, but the configuration seems fine. Thanks for your help.

spring-boot apache-kafka spring-cloud-stream
1 answer

This configuration works:

spring:
  cloud:
    stream:
      kafka:
        binder:
          autoAddPartitions: true
          brokers: localhost:9092
          autoCreateTopics: false
          # Keys under "configuration" are passed through to the Kafka clients
          configuration:
            security:
              protocol: SASL_SSL
            sasl:
              jaas:
                config: org.apache.kafka.common.security.scram.ScramLoginModule required username="user"  password="sepultura1";
      # Bindings belong under spring.cloud.stream
      bindings:
        kafkaDemoTopic:
          destination: kafka_demo_topic
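
A check for the symptom in the question, as an added example that is not part of the original question or answer: it parses the effective client configuration dumps (the `... values:` blocks) from the application log and reports every Kafka client that did not end up on the expected protocol or received no SASL credentials. The sample log is constructed in the format of the question's log, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed config dumps in the format of the question's log.
SAMPLE_LOG = """\
2023-12-18T00:20:32.627+01:00  INFO 11008 --- [   scheduling-1] o.a.k.clients.admin.AdminClientConfig    : AdminClientConfig values:
    bootstrap.servers = [localhost:9092]
    sasl.jaas.config = null
    sasl.mechanism = GSSAPI
    security.protocol = PLAINTEXT

2023-12-18T00:20:32.837+01:00  INFO 11008 --- [   scheduling-1] o.a.kafka.common.utils.AppInfoParser     : Kafka version: 3.6.0
2023-12-18T00:21:00.000+01:00  INFO 11008 --- [   scheduling-1] o.a.k.clients.producer.ProducerConfig    : ProducerConfig values:
    sasl.jaas.config = [hidden]
    sasl.mechanism = SCRAM-SHA-256
    security.protocol = SASL_SSL
"""

HEADER = re.compile(r":\s(\w+Config) values:\s*$")   # e.g. "AdminClientConfig values:"
SETTING = re.compile(r"^\s+([\w.]+) = (.*)$")        # indented "key = value" line

def effective_configs(log_text):
    """Return [(config_name, {key: value})], one entry per config dump in the log."""
    dumps, current = [], None
    for line in log_text.splitlines():
        header = HEADER.search(line)
        setting = SETTING.match(line)
        if header:
            current = {}
            dumps.append((header.group(1), current))
        elif setting and current is not None:
            current[setting.group(1)] = setting.group(2).strip()
        elif line.strip():
            current = None  # any other non-blank line ends the dump
    return dumps

def audit(log_text, expected_protocol="SASL_SSL"):
    """List clients whose effective settings differ from the intended ones."""
    findings = []
    for name, cfg in effective_configs(log_text):
        protocol = cfg.get("security.protocol")
        if protocol != expected_protocol:
            findings.append(f"{name}: security.protocol is {protocol}, expected {expected_protocol}")
        if expected_protocol.startswith("SASL") and cfg.get("sasl.jaas.config") == "null":
            findings.append(f"{name}: sasl.jaas.config is null, no SASL credentials reached the client")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LOG)) or "all clients use the expected protocol")
```

Kafka prints a configured `sasl.jaas.config` as `[hidden]`, so a literal `null` in the dump means the YAML keys never reached the client, which is what the misplaced `kafka:` block in the question causes.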