Example 6 with SecurityProtocol

Use of org.apache.kafka.common.protocol.SecurityProtocol in project kafka by apache.

The class SaslAuthenticatorTest, method testDynamicJaasConfiguration.

/**
 * Tests dynamic JAAS configuration property for SASL clients. Invalid client credentials
 * are set in the static JVM-wide configuration instance to ensure that the dynamic
 * property override is used during authentication.
 */
@Test
public void testDynamicJaasConfiguration() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    saslServerConfigs.put(SaslConfigs.SASL_ENABLED_MECHANISMS, Arrays.asList("PLAIN"));
    Map<String, Object> serverOptions = new HashMap<>();
    serverOptions.put("user_user1", "user1-secret");
    serverOptions.put("user_user2", "user2-secret");
    TestJaasConfig staticJaasConfig = new TestJaasConfig();
    staticJaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_SERVER, PlainLoginModule.class.getName(), serverOptions);
    staticJaasConfig.setPlainClientOptions("user1", "invalidpassword");
    Configuration.setConfiguration(staticJaasConfig);
    server = createEchoServer(securityProtocol);
    // Check that client using static Jaas config does not connect since password is invalid
    createAndCheckClientConnectionFailure(securityProtocol, "1");
    // Check that 'user1' can connect with a Jaas config property override
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "user1", "user1-secret"));
    createAndCheckClientConnection(securityProtocol, "2");
    // Check that invalid password specified as Jaas config property results in connection failure
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "user1", "user2-secret"));
    createAndCheckClientConnectionFailure(securityProtocol, "3");
    // Check that another user 'user2' can also connect with a Jaas config override without any changes to static configuration
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "user2", "user2-secret"));
    createAndCheckClientConnection(securityProtocol, "4");
    // Check that clients specifying multiple login modules fail even if the credentials are valid
    String module1 = TestJaasConfig.jaasConfigProperty("PLAIN", "user1", "user1-secret").value();
    String module2 = TestJaasConfig.jaasConfigProperty("PLAIN", "user2", "user2-secret").value();
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, new Password(module1 + " " + module2));
    try {
        createClientConnection(securityProtocol, "1");
        fail("Connection created with multiple login modules in sasl.jaas.config");
    } catch (IllegalArgumentException e) {
        // Expected: sasl.jaas.config with more than one login module is rejected
    }
}
Also used: HashMap (java.util.HashMap), SecurityProtocol (org.apache.kafka.common.protocol.SecurityProtocol), PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule), Password (org.apache.kafka.common.config.types.Password), Test (org.junit.Test)

Example 7 with SecurityProtocol

Use of org.apache.kafka.common.protocol.SecurityProtocol in project kafka by apache.

The class SslTransportLayerTest, method testEndpointIdentificationDisabled.

/**
 * Tests that server certificate with invalid IP address is accepted by
 * a client that has disabled endpoint validation
 */
@Test
public void testEndpointIdentificationDisabled() throws Exception {
    String node = "0";
    String serverHost = InetAddress.getLocalHost().getHostAddress();
    SecurityProtocol securityProtocol = SecurityProtocol.SSL;
    server = new NioEchoServer(ListenerName.forSecurityProtocol(securityProtocol), securityProtocol, new TestSecurityConfig(sslServerConfigs), serverHost);
    server.start();
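    // Remove the endpoint identification algorithm so the client does not
    // validate the server's address against its certificate
    sslClientConfigs.remove(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG);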
    createSelector(sslClientConfigs);
    InetSocketAddress addr = new InetSocketAddress(serverHost, server.port());
    selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
    NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
Also used: InetSocketAddress (java.net.InetSocketAddress), SecurityProtocol (org.apache.kafka.common.protocol.SecurityProtocol), TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig), Test (org.junit.Test)
