Example 21 with ListenerName
use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.
the class JaasContextTest method testLoadForServerWithListenerNameOverride.
@Test
public void testLoadForServerWithListenerNameOverride() throws IOException {
writeConfiguration(Arrays.asList("KafkaServer { test.LoginModuleDefault required; };", "plaintext.KafkaServer { test.LoginModuleOverride requisite; };"));
JaasContext context = JaasContext.loadServerContext(new ListenerName("plaintext"), "SOME-MECHANISM", Collections.<String, Object>emptyMap());
assertEquals("plaintext.KafkaServer", context.name());
assertEquals(JaasContext.Type.SERVER, context.type());
assertEquals(1, context.configurationEntries().size());
checkEntry(context.configurationEntries().get(0), "test.LoginModuleOverride", LoginModuleControlFlag.REQUISITE, Collections.<String, Object>emptyMap());
}
Also used :
ListenerName(org.apache.kafka.common.network.ListenerName)
Test(org.junit.Test)
Example 22 with ListenerName
use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.
the class JaasContextTest method testLoadForServerWithWrongListenerName.
@Test(expected = IllegalArgumentException.class)
public void testLoadForServerWithWrongListenerName() throws IOException {
writeConfiguration("Server", "test.LoginModule required;");
JaasContext.loadServerContext(new ListenerName("plaintext"), "SOME-MECHANISM", Collections.<String, Object>emptyMap());
}
Also used :
ListenerName(org.apache.kafka.common.network.ListenerName)
Test(org.junit.Test)
Example 23 with ListenerName
use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method startServerWithoutSaslAuthenticateHeader.
private NioEchoServer startServerWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, String saslMechanism) throws Exception {
final ListenerName listenerName = ListenerName.forSecurityProtocol(securityProtocol);
final Map<String, ?> configs = Collections.emptyMap();
final JaasContext jaasContext = JaasContext.loadServerContext(listenerName, saslMechanism, configs);
final Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
boolean isScram = ScramMechanism.isScram(saslMechanism);
if (isScram)
ScramCredentialUtils.createCache(credentialCache, Arrays.asList(saslMechanism));
SaslChannelBuilder serverChannelBuilder = new SaslChannelBuilder(Mode.SERVER, jaasContexts, securityProtocol, listenerName, false, saslMechanism, true, credentialCache, null) {
@Override
protected SaslServerAuthenticator buildServerAuthenticator(Map<String, ?> configs, String id, TransportLayer transportLayer, Map<String, Subject> subjects) throws IOException {
return new SaslServerAuthenticator(configs, id, jaasContexts, subjects, null, credentialCache, listenerName, securityProtocol, transportLayer, null) {
@Override
protected ApiVersionsResponse apiVersionsResponse() {
List<ApiVersion> apiVersions = new ArrayList<>(ApiVersionsResponse.defaultApiVersionsResponse().apiVersions());
for (Iterator<ApiVersion> it = apiVersions.iterator(); it.hasNext(); ) {
ApiVersion apiVersion = it.next();
if (apiVersion.apiKey == ApiKeys.SASL_AUTHENTICATE.id) {
it.remove();
break;
}
}
return new ApiVersionsResponse(0, Errors.NONE, apiVersions);
}
@Override
protected void enableKafkaSaslAuthenticateHeaders(boolean flag) {
// Don't enable Kafka SASL_AUTHENTICATE headers
}
};
}
};
serverChannelBuilder.configure(saslServerConfigs);
server = new NioEchoServer(listenerName, securityProtocol, new TestSecurityConfig(saslServerConfigs), "localhost", serverChannelBuilder, credentialCache);
server.start();
return server;
}
Also used :
ApiVersion(org.apache.kafka.common.requests.ApiVersionsResponse.ApiVersion)
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
ArrayList(java.util.ArrayList)
ListenerName(org.apache.kafka.common.network.ListenerName)
TransportLayer(org.apache.kafka.common.network.TransportLayer)
JaasContext(org.apache.kafka.common.security.JaasContext)
NioEchoServer(org.apache.kafka.common.network.NioEchoServer)
TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig)
SaslChannelBuilder(org.apache.kafka.common.network.SaslChannelBuilder)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 24 with ListenerName
use of org.apache.kafka.common.network.ListenerName in project kafka by apache.
the class SaslAuthenticatorTest method startServerApiVersionsUnsupportedByClient.
private NioEchoServer startServerApiVersionsUnsupportedByClient(final SecurityProtocol securityProtocol, String saslMechanism) throws Exception {
final ListenerName listenerName = ListenerName.forSecurityProtocol(securityProtocol);
final Map<String, ?> configs = Collections.emptyMap();
final JaasContext jaasContext = JaasContext.loadServerContext(listenerName, saslMechanism, configs);
final Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
boolean isScram = ScramMechanism.isScram(saslMechanism);
if (isScram)
ScramCredentialUtils.createCache(credentialCache, Arrays.asList(saslMechanism));
Supplier<ApiVersionsResponse> apiVersionSupplier = () -> {
ApiVersionCollection versionCollection = new ApiVersionCollection(2);
versionCollection.add(new ApiVersion().setApiKey(ApiKeys.SASL_HANDSHAKE.id).setMinVersion((short) 0).setMaxVersion((short) 100));
versionCollection.add(new ApiVersion().setApiKey(ApiKeys.SASL_AUTHENTICATE.id).setMinVersion((short) 0).setMaxVersion((short) 100));
return new ApiVersionsResponse(new ApiVersionsResponseData().setApiKeys(versionCollection));
};
SaslChannelBuilder serverChannelBuilder = new SaslChannelBuilder(Mode.SERVER, jaasContexts, securityProtocol, listenerName, false, saslMechanism, true, credentialCache, null, null, time, new LogContext(), apiVersionSupplier);
serverChannelBuilder.configure(saslServerConfigs);
server = new NioEchoServer(listenerName, securityProtocol, new TestSecurityConfig(saslServerConfigs), "localhost", serverChannelBuilder, credentialCache, time);
server.start();
return server;
}
Also used :
ApiVersionCollection(org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersionCollection)
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
ApiVersion(org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion)
LogContext(org.apache.kafka.common.utils.LogContext)
ListenerName(org.apache.kafka.common.network.ListenerName)
JaasContext(org.apache.kafka.common.security.JaasContext)
NioEchoServer(org.apache.kafka.common.network.NioEchoServer)
TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig)
SaslChannelBuilder(org.apache.kafka.common.network.SaslChannelBuilder)
ApiVersionsResponseData(org.apache.kafka.common.message.ApiVersionsResponseData)
Example 25 with ListenerName
use of org.apache.kafka.common.network.ListenerName in project kafka by apache.
the class SaslAuthenticatorTest method startServerWithoutSaslAuthenticateHeader.
private NioEchoServer startServerWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, String saslMechanism) throws Exception {
final ListenerName listenerName = ListenerName.forSecurityProtocol(securityProtocol);
final Map<String, ?> configs = Collections.emptyMap();
final JaasContext jaasContext = JaasContext.loadServerContext(listenerName, saslMechanism, configs);
final Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
boolean isScram = ScramMechanism.isScram(saslMechanism);
if (isScram)
ScramCredentialUtils.createCache(credentialCache, Arrays.asList(saslMechanism));
Supplier<ApiVersionsResponse> apiVersionSupplier = () -> {
ApiVersionsResponse defaultApiVersionResponse = ApiVersionsResponse.defaultApiVersionsResponse(ApiMessageType.ListenerType.ZK_BROKER);
ApiVersionCollection apiVersions = new ApiVersionCollection();
for (ApiVersion apiVersion : defaultApiVersionResponse.data().apiKeys()) {
if (apiVersion.apiKey() != ApiKeys.SASL_AUTHENTICATE.id) {
// ApiVersion can NOT be reused in second ApiVersionCollection
// due to the internal pointers it contains.
apiVersions.add(apiVersion.duplicate());
}
}
ApiVersionsResponseData data = new ApiVersionsResponseData().setErrorCode(Errors.NONE.code()).setThrottleTimeMs(0).setApiKeys(apiVersions);
return new ApiVersionsResponse(data);
};
SaslChannelBuilder serverChannelBuilder = new SaslChannelBuilder(Mode.SERVER, jaasContexts, securityProtocol, listenerName, false, saslMechanism, true, credentialCache, null, null, time, new LogContext(), apiVersionSupplier) {
@Override
protected SaslServerAuthenticator buildServerAuthenticator(Map<String, ?> configs, Map<String, AuthenticateCallbackHandler> callbackHandlers, String id, TransportLayer transportLayer, Map<String, Subject> subjects, Map<String, Long> connectionsMaxReauthMsByMechanism, ChannelMetadataRegistry metadataRegistry) {
return new SaslServerAuthenticator(configs, callbackHandlers, id, subjects, null, listenerName, securityProtocol, transportLayer, connectionsMaxReauthMsByMechanism, metadataRegistry, time, apiVersionSupplier) {
@Override
protected void enableKafkaSaslAuthenticateHeaders(boolean flag) {
// Don't enable Kafka SASL_AUTHENTICATE headers
}
};
}
};
serverChannelBuilder.configure(saslServerConfigs);
server = new NioEchoServer(listenerName, securityProtocol, new TestSecurityConfig(saslServerConfigs), "localhost", serverChannelBuilder, credentialCache, time);
server.start();
return server;
}
Also used :
ApiVersionCollection(org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersionCollection)
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
ApiVersion(org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion)
ChannelMetadataRegistry(org.apache.kafka.common.network.ChannelMetadataRegistry)
LogContext(org.apache.kafka.common.utils.LogContext)
ListenerName(org.apache.kafka.common.network.ListenerName)
TransportLayer(org.apache.kafka.common.network.TransportLayer)
JaasContext(org.apache.kafka.common.security.JaasContext)
NioEchoServer(org.apache.kafka.common.network.NioEchoServer)
TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig)
SaslChannelBuilder(org.apache.kafka.common.network.SaslChannelBuilder)
Map(java.util.Map)
HashMap(java.util.HashMap)
ApiVersionsResponseData(org.apache.kafka.common.message.ApiVersionsResponseData)
Aggregations
ListenerName (org.apache.kafka.common.network.ListenerName)27
HashMap (java.util.HashMap)11
JaasContext (org.apache.kafka.common.security.JaasContext)9
Test (org.junit.jupiter.api.Test)8
Test (org.junit.Test)7
SaslChannelBuilder (org.apache.kafka.common.network.SaslChannelBuilder)5
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)5
SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)5
Map (java.util.Map)4
Subject (javax.security.auth.Subject)4
TransportLayer (org.apache.kafka.common.network.TransportLayer)4
PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)4
ByteBuffer (java.nio.ByteBuffer)3
ArrayList (java.util.ArrayList)3
ApiVersionsResponseData (org.apache.kafka.common.message.ApiVersionsResponseData)3
ApiVersionCollection (org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersionCollection)3
NioEchoServer (org.apache.kafka.common.network.NioEchoServer)3
TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)3
LogContext (org.apache.kafka.common.utils.LogContext)3
InetSocketAddress (java.net.InetSocketAddress)2
