
Example 1 with JaasContext

use of org.apache.kafka.common.security.JaasContext in project kafka by apache.

the class ChannelBuilders method create.

/**
 * Builds and configures the {@link ChannelBuilder} that corresponds to a security protocol.
 *
 * <p>Protocol to builder mapping implemented here:
 * <ul>
 *   <li>{@code SSL}: {@code SslChannelBuilder}</li>
 *   <li>{@code SASL_SSL} and {@code SASL_PLAINTEXT}: {@code SaslChannelBuilder}, using a JAAS
 *       context loaded for {@code contextType} and {@code listenerName}</li>
 *   <li>{@code PLAINTEXT} and {@code TRACE}: {@code PlaintextChannelBuilder}</li>
 * </ul>
 *
 * <p>The builder is configured with {@code config.values()}, or, when a listener name is given,
 * with {@code config.valuesWithPrefixOverride(listenerName.configPrefix())}. The same map is
 * used to load the JAAS context, so listener-prefixed settings apply to both.
 *
 * @param securityProtocol protocol that selects the builder implementation
 * @param mode passed to the SSL and SASL builders after {@code requireNonNullMode}; not used
 *             for {@code PLAINTEXT} or {@code TRACE}
 * @param contextType JAAS context type handed to {@code JaasContext.load}
 * @param config source of the configuration values
 * @param listenerName listener whose prefixed overrides should apply, or {@code null}
 * @param clientSaslMechanism forwarded unchanged to {@code SaslChannelBuilder}
 * @param saslHandshakeRequestEnable forwarded unchanged to {@code SaslChannelBuilder}
 * @param credentialCache forwarded unchanged to {@code SaslChannelBuilder}
 * @return the builder, already configured
 * @throws IllegalArgumentException if {@code securityProtocol} is not one of the handled values
 */
private static ChannelBuilder create(SecurityProtocol securityProtocol, Mode mode, JaasContext.Type contextType, AbstractConfig config, ListenerName listenerName, String clientSaslMechanism, boolean saslHandshakeRequestEnable, CredentialCache credentialCache) {
    // Resolve the effective settings once; they feed both JAAS loading and configure().
    final Map<String, ?> effectiveConfigs;
    if (listenerName != null) {
        effectiveConfigs = config.valuesWithPrefixOverride(listenerName.configPrefix());
    } else {
        effectiveConfigs = config.values();
    }

    final ChannelBuilder builder;
    switch (securityProtocol) {
        case PLAINTEXT:
        case TRACE:
            // NOTE(review): the plaintext builder is chosen purely from the protocol argument;
            // presumably such channels carry neither TLS nor SASL protection - confirm that any
            // listener mapped to these protocols is meant to be unauthenticated.
            builder = new PlaintextChannelBuilder();
            break;
        case SSL:
            requireNonNullMode(mode, securityProtocol);
            builder = new SslChannelBuilder(mode);
            break;
        case SASL_PLAINTEXT:
        case SASL_SSL: {
            // The mode check runs before the JAAS context is loaded, as in the SSL branch.
            requireNonNullMode(mode, securityProtocol);
            JaasContext saslJaasContext = JaasContext.load(contextType, listenerName, effectiveConfigs);
            builder = new SaslChannelBuilder(mode, saslJaasContext, securityProtocol, clientSaslMechanism, saslHandshakeRequestEnable, credentialCache);
            break;
        }
        default:
            // Fail closed on an unhandled protocol instead of falling back to some builder.
            throw new IllegalArgumentException("Unexpected securityProtocol " + securityProtocol);
    }
    builder.configure(effectiveConfigs);
    return builder;
}
Also used : JaasContext(org.apache.kafka.common.security.JaasContext)

Example 2 with JaasContext

use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.

the class LoginManagerTest method testClientLoginManager.

/**
 * Verifies how client-side {@code LoginManager} instances are keyed and shared.
 *
 * <p>A context loaded from the {@code sasl.jaas.config} property is cached under the property
 * value itself, while a context loaded without that property is cached under the name
 * {@code "KafkaClient"}. Acquiring again with the same context and mechanism must return the
 * same instance.
 */
@Test
public void testClientLoginManager() throws Exception {
    Map<String, ?> clientConfigs = Collections.singletonMap("sasl.jaas.config", dynamicPlainContext);
    JaasContext propertyContext = JaasContext.loadClientContext(clientConfigs);
    // No sasl.jaas.config entry in this map, so the context comes from elsewhere.
    JaasContext fallbackContext = JaasContext.loadClientContext(Collections.<String, Object>emptyMap());

    LoginManager propertyLogin = LoginManager.acquireLoginManager(propertyContext, "PLAIN", false, clientConfigs);
    // NOTE(review): the cache key equals the sasl.jaas.config value; that string presumably can
    // embed credentials, so cacheKey() should not be logged - confirm against the fixture.
    assertEquals(dynamicPlainContext, propertyLogin.cacheKey());

    LoginManager fallbackLogin = LoginManager.acquireLoginManager(fallbackContext, "SCRAM-SHA-256", false, clientConfigs);
    assertNotSame(propertyLogin, fallbackLogin);
    assertEquals("KafkaClient", fallbackLogin.cacheKey());

    // Second acquisition of each manager: the cached instance must be handed back.
    assertSame(propertyLogin, LoginManager.acquireLoginManager(propertyContext, "PLAIN", false, clientConfigs));
    assertSame(fallbackLogin, LoginManager.acquireLoginManager(fallbackContext, "SCRAM-SHA-256", false, clientConfigs));

    // Each manager was acquired twice above, hence the count of 2 passed to the release check.
    verifyLoginManagerRelease(propertyLogin, 2, propertyContext, clientConfigs);
    verifyLoginManagerRelease(fallbackLogin, 2, fallbackContext, clientConfigs);
}
Also used : JaasContext(org.apache.kafka.common.security.JaasContext) Test(org.junit.Test)

Example 3 with JaasContext

use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.

the class LoginManagerTest method testServerLoginManager.

/**
 * Verifies how server-side {@code LoginManager} instances are keyed and shared per mechanism.
 *
 * <p>Mechanisms that have a mechanism-prefixed {@code sasl.jaas.config} entry
 * ({@code plain.} and {@code digest-md5.} here) are cached under that entry's value. The
 * mechanism without such an entry (SCRAM-SHA-256) is cached under {@code "KafkaServer"}.
 * DIGEST-MD5 appears only as a second test mechanism; it is a legacy mechanism and its use here
 * is not a recommendation.
 */
@Test
public void testServerLoginManager() throws Exception {
    Map<String, Object> serverConfigs = new HashMap<>();
    serverConfigs.put("plain.sasl.jaas.config", dynamicPlainContext);
    serverConfigs.put("digest-md5.sasl.jaas.config", dynamicDigestContext);
    ListenerName listener = new ListenerName("listener1");

    JaasContext plainContext = JaasContext.loadServerContext(listener, "PLAIN", serverConfigs);
    JaasContext digestContext = JaasContext.loadServerContext(listener, "DIGEST-MD5", serverConfigs);
    JaasContext scramContext = JaasContext.loadServerContext(listener, "SCRAM-SHA-256", serverConfigs);

    LoginManager plainLogin = LoginManager.acquireLoginManager(plainContext, "PLAIN", false, serverConfigs);
    // NOTE(review): the cache key equals the configured JAAS string, which presumably can embed
    // credentials - treat cacheKey() as sensitive when logging; confirm against the fixture.
    assertEquals(dynamicPlainContext, plainLogin.cacheKey());

    LoginManager digestLogin = LoginManager.acquireLoginManager(digestContext, "DIGEST-MD5", false, serverConfigs);
    assertNotSame(plainLogin, digestLogin);
    assertEquals(dynamicDigestContext, digestLogin.cacheKey());

    LoginManager scramLogin = LoginManager.acquireLoginManager(scramContext, "SCRAM-SHA-256", false, serverConfigs);
    assertNotSame(plainLogin, scramLogin);
    assertEquals("KafkaServer", scramLogin.cacheKey());

    // Second acquisition per mechanism: the cached instance must be handed back.
    assertSame(plainLogin, LoginManager.acquireLoginManager(plainContext, "PLAIN", false, serverConfigs));
    assertSame(digestLogin, LoginManager.acquireLoginManager(digestContext, "DIGEST-MD5", false, serverConfigs));
    assertSame(scramLogin, LoginManager.acquireLoginManager(scramContext, "SCRAM-SHA-256", false, serverConfigs));

    // Each manager was acquired twice above, hence the count of 2 passed to the release check.
    verifyLoginManagerRelease(plainLogin, 2, plainContext, serverConfigs);
    verifyLoginManagerRelease(digestLogin, 2, digestContext, serverConfigs);
    verifyLoginManagerRelease(scramLogin, 2, scramContext, serverConfigs);
}
Also used : JaasContext(org.apache.kafka.common.security.JaasContext) HashMap(java.util.HashMap) ListenerName(org.apache.kafka.common.network.ListenerName) Test(org.junit.Test)

Example 4 with JaasContext

use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method createClientConnectionWithoutSaslAuthenticateHeader.

/**
 * Opens a test client connection whose SASL authenticator always sends a version 0 handshake
 * request and never records an authenticate version, so that headers are disabled.
 *
 * <p>The connection goes to {@code 127.0.0.1} on the port reported by the test server, and the
 * created selector is stored in {@code this.selector}.
 *
 * @param securityProtocol protocol used for the channel builder and to derive the listener name
 * @param saslMechanism mechanism used for the JAAS context map, the builder and the handshake
 * @param node id under which the connection is registered with the selector
 * @throws Exception if building the channel or connecting fails
 */
private void createClientConnectionWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, final String saslMechanism, String node) throws Exception {
    ListenerName protocolListener = ListenerName.forSecurityProtocol(securityProtocol);
    // The JAAS context is loaded from an empty map; the builder itself is configured further
    // down with the saslClientConfigs field.
    Map<String, ?> emptyClientConfigs = Collections.emptyMap();
    JaasContext clientJaasContext = JaasContext.loadClientContext(emptyClientConfigs);
    Map<String, JaasContext> contextsByMechanism = Collections.singletonMap(saslMechanism, clientJaasContext);

    SaslChannelBuilder legacyClientBuilder = new SaslChannelBuilder(Mode.CLIENT, contextsByMechanism, securityProtocol, protocolListener, false, saslMechanism, true, null, null) {

        @Override
        protected SaslClientAuthenticator buildClientAuthenticator(Map<String, ?> configs, String id, String serverHost, String servicePrincipal, TransportLayer transportLayer, Subject subject) throws IOException {
            return new SaslClientAuthenticator(configs, id, subject, servicePrincipal, serverHost, saslMechanism, true, transportLayer) {

                @Override
                protected SaslHandshakeRequest createSaslHandshakeRequest(short ignoredVersion) {
                    // The requested version is ignored: the handshake is always built as version 0.
                    return new SaslHandshakeRequest.Builder(saslMechanism).build((short) 0);
                }

                @Override
                protected void saslAuthenticateVersion(short ignoredVersion) {
                    // Intentionally empty: leaving the version unset keeps the headers disabled.
                }
            };
        }
    };
    legacyClientBuilder.configure(saslClientConfigs);
    this.selector = NetworkTestUtils.createSelector(legacyClientBuilder);

    InetSocketAddress serverAddress = new InetSocketAddress("127.0.0.1", server.port());
    selector.connect(node, serverAddress, BUFFER_SIZE, BUFFER_SIZE);
}
Also used : InetSocketAddress(java.net.InetSocketAddress) ListenerName(org.apache.kafka.common.network.ListenerName) Subject(javax.security.auth.Subject) TransportLayer(org.apache.kafka.common.network.TransportLayer) JaasContext(org.apache.kafka.common.security.JaasContext) SaslChannelBuilder(org.apache.kafka.common.network.SaslChannelBuilder) Map(java.util.Map) HashMap(java.util.HashMap) SaslHandshakeRequest(org.apache.kafka.common.requests.SaslHandshakeRequest)

Example 5 with JaasContext

use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.

the class SaslServerAuthenticatorTest method setupAuthenticator.

/**
 * Creates a {@code SaslServerAuthenticator} test fixture for a single SASL mechanism.
 *
 * <p>The JAAS configuration holds one entry named {@code "jaasContext"} that uses
 * {@code PlainLoginModule} with an empty option map, regardless of the mechanism passed in.
 * The authenticator is built for node {@code "node"}, listener {@code "ssl"} and
 * {@code SecurityProtocol.SASL_SSL}, with a new empty {@code Subject} and new caches.
 *
 * @param configs configuration passed through to the authenticator
 * @param transportLayer transport layer passed through to the authenticator
 * @param mechanism SASL mechanism used as the key of the JAAS context and subject maps
 * @return the authenticator under test
 * @throws IOException declared on the method signature; no statement in this body throws it
 *                     explicitly
 */
private SaslServerAuthenticator setupAuthenticator(Map<String, ?> configs, TransportLayer transportLayer, String mechanism) throws IOException {
    TestJaasConfig testJaasConfig = new TestJaasConfig();
    testJaasConfig.addEntry("jaasContext", PlainLoginModule.class.getName(), new HashMap<String, Object>());

    JaasContext serverContext = new JaasContext("jaasContext", JaasContext.Type.SERVER, testJaasConfig, null);
    Map<String, JaasContext> contextsByMechanism = Collections.singletonMap(mechanism, serverContext);
    Map<String, Subject> subjectsByMechanism = Collections.singletonMap(mechanism, new Subject());

    // Created in the same order as the constructor arguments they are passed as.
    CredentialCache credentialCache = new CredentialCache();
    ListenerName sslListener = new ListenerName("ssl");
    DelegationTokenCache tokenCache = new DelegationTokenCache(ScramMechanism.mechanismNames());

    return new SaslServerAuthenticator(configs, "node", contextsByMechanism, subjectsByMechanism, null, credentialCache, sslListener, SecurityProtocol.SASL_SSL, transportLayer, tokenCache);
}
Also used : PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) ListenerName(org.apache.kafka.common.network.ListenerName) Subject(javax.security.auth.Subject) JaasContext(org.apache.kafka.common.security.JaasContext) DelegationTokenCache(org.apache.kafka.common.security.token.delegation.DelegationTokenCache)

Aggregations

JaasContext (org.apache.kafka.common.security.JaasContext)21 HashMap (java.util.HashMap)10 ListenerName (org.apache.kafka.common.network.ListenerName)9 Map (java.util.Map)6 SaslChannelBuilder (org.apache.kafka.common.network.SaslChannelBuilder)5 TestJaasConfig (org.apache.kafka.common.security.authenticator.TestJaasConfig)5 List (java.util.List)4 Subject (javax.security.auth.Subject)4 TransportLayer (org.apache.kafka.common.network.TransportLayer)4 ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)4 LogContext (org.apache.kafka.common.utils.LogContext)4 NioEchoServer (org.apache.kafka.common.network.NioEchoServer)3 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)3 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)3 Test (org.junit.jupiter.api.Test)3 IOException (java.io.IOException)2 InetSocketAddress (java.net.InetSocketAddress)2 KafkaException (org.apache.kafka.common.KafkaException)2 ApiVersionsResponseData (org.apache.kafka.common.message.ApiVersionsResponseData)2 ApiVersion (org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion)2