use of org.apache.kafka.common.security.JaasContext in project kafka by apache.
the class ChannelBuilders method create.
/**
 * Builds and configures the {@link ChannelBuilder} that corresponds to {@code securityProtocol}.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>{@code SSL} produces an {@code SslChannelBuilder}.</li>
 *   <li>{@code SASL_SSL} and {@code SASL_PLAINTEXT} share one branch: a JAAS context is loaded for
 *       {@code contextType} / {@code listenerName} and handed to a {@code SaslChannelBuilder}.</li>
 *   <li>{@code PLAINTEXT} and {@code TRACE} produce a {@code PlaintextChannelBuilder}. That branch
 *       runs no mode check and loads no JAAS context.</li>
 *   <li>Any other protocol value is rejected with an exception instead of falling back to a
 *       default builder.</li>
 * </ul>
 * NOTE(review): going by the protocol names, {@code SASL_PLAINTEXT} authenticates over a transport
 * without TLS; confirm that deployments selecting it (or {@code PLAINTEXT}) do so on purpose.
 *
 * @param securityProtocol protocol that selects the builder implementation
 * @param mode connection mode; checked via {@code requireNonNullMode} for SSL and SASL protocols
 *        (presumably rejecting {@code null}; the helper is defined outside this method)
 * @param contextType JAAS context type passed to {@code JaasContext.load} for SASL protocols
 * @param config source of configuration values
 * @param listenerName when non-null, values carrying the listener's config prefix override the
 *        unprefixed ones; when null, {@code config.values()} is used as is
 * @param clientSaslMechanism forwarded unchanged to {@code SaslChannelBuilder}
 * @param saslHandshakeRequestEnable forwarded unchanged to {@code SaslChannelBuilder}
 * @param credentialCache forwarded unchanged to {@code SaslChannelBuilder}
 * @return the builder, already configured with the effective configuration map
 * @throws IllegalArgumentException if {@code securityProtocol} is not one of the handled values
 */
private static ChannelBuilder create(SecurityProtocol securityProtocol, Mode mode, JaasContext.Type contextType, AbstractConfig config, ListenerName listenerName, String clientSaslMechanism, boolean saslHandshakeRequestEnable, CredentialCache credentialCache) {
    // Listener-scoped settings take precedence only when a listener is named.
    Map<String, ?> effectiveConfigs;
    if (listenerName != null) {
        effectiveConfigs = config.valuesWithPrefixOverride(listenerName.configPrefix());
    } else {
        effectiveConfigs = config.values();
    }

    ChannelBuilder builder;
    switch (securityProtocol) {
        case SSL: {
            requireNonNullMode(mode, securityProtocol);
            builder = new SslChannelBuilder(mode);
            break;
        }
        case SASL_SSL:
        case SASL_PLAINTEXT: {
            // Mode is validated before the JAAS context is loaded.
            requireNonNullMode(mode, securityProtocol);
            JaasContext loadedJaas = JaasContext.load(contextType, listenerName, effectiveConfigs);
            builder = new SaslChannelBuilder(mode, loadedJaas, securityProtocol,
                    clientSaslMechanism, saslHandshakeRequestEnable, credentialCache);
            break;
        }
        case PLAINTEXT:
        case TRACE: {
            // No mode check and no JAAS context on this path.
            builder = new PlaintextChannelBuilder();
            break;
        }
        default:
            throw new IllegalArgumentException("Unexpected securityProtocol " + securityProtocol);
    }

    builder.configure(effectiveConfigs);
    return builder;
}
use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.
the class LoginManagerTest method testClientLoginManager.
/**
 * Verifies that client-side {@code LoginManager} instances are cached per JAAS context.
 *
 * <p>What the assertions pin down:
 * <ul>
 *   <li>a context loaded from an inline {@code sasl.jaas.config} value uses that value as its
 *       cache key;</li>
 *   <li>a context loaded from an empty config map uses the cache key {@code "KafkaClient"};</li>
 *   <li>the two contexts never share a manager, while acquiring again with the same context and
 *       mechanism returns the identical instance.</li>
 * </ul>
 * NOTE(review): the dynamic cache key is the raw {@code sasl.jaas.config} string.
 * {@code dynamicPlainContext} is defined outside this method; if it embeds credentials, as JAAS
 * PLAIN entries commonly do, {@code cacheKey()} output is secret-bearing and should stay out of
 * logs and error messages. Confirm against the fixture.
 */
@Test
public void testClientLoginManager() throws Exception {
    final String plainMechanism = "PLAIN";
    final String scramMechanism = "SCRAM-SHA-256";

    Map<String, ?> configs = Collections.singletonMap("sasl.jaas.config", dynamicPlainContext);
    JaasContext inlineJaas = JaasContext.loadClientContext(configs);
    JaasContext defaultJaas = JaasContext.loadClientContext(Collections.<String, Object>emptyMap());

    // First acquisition for the inline (dynamic) context.
    LoginManager inlineLogin = LoginManager.acquireLoginManager(inlineJaas, plainMechanism, false, configs);
    assertEquals(dynamicPlainContext, inlineLogin.cacheKey());

    // First acquisition for the default (static) context; it must be a separate manager.
    LoginManager defaultLogin = LoginManager.acquireLoginManager(defaultJaas, scramMechanism, false, configs);
    assertNotSame(inlineLogin, defaultLogin);
    assertEquals("KafkaClient", defaultLogin.cacheKey());

    // Second acquisition of each must hand back the cached instance.
    LoginManager inlineAgain = LoginManager.acquireLoginManager(inlineJaas, plainMechanism, false, configs);
    assertSame(inlineLogin, inlineAgain);
    LoginManager defaultAgain = LoginManager.acquireLoginManager(defaultJaas, scramMechanism, false, configs);
    assertSame(defaultLogin, defaultAgain);

    // Each manager was acquired twice above; the helper (defined elsewhere) is given that count.
    verifyLoginManagerRelease(inlineLogin, 2, inlineJaas, configs);
    verifyLoginManagerRelease(defaultLogin, 2, defaultJaas, configs);
}
use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.
the class LoginManagerTest method testServerLoginManager.
/**
 * Verifies that server-side {@code LoginManager} instances are cached per mechanism-specific
 * JAAS context on a single listener.
 *
 * <p>The config map holds inline JAAS entries under {@code plain.sasl.jaas.config} and
 * {@code digest-md5.sasl.jaas.config} only. The assertions show that:
 * <ul>
 *   <li>PLAIN and DIGEST-MD5 each get their own manager, keyed by their inline config value;</li>
 *   <li>SCRAM-SHA-256, which has no inline entry, gets a manager keyed {@code "KafkaServer"};</li>
 *   <li>acquiring again with the same context and mechanism returns the identical instance.</li>
 * </ul>
 * NOTE(review): the dynamic cache keys are the raw JAAS config strings. The fixtures
 * {@code dynamicPlainContext} and {@code dynamicDigestContext} are defined outside this method;
 * if they embed credentials, {@code cacheKey()} output is secret-bearing and should stay out of
 * logs. Confirm against the fixtures.
 */
@Test
public void testServerLoginManager() throws Exception {
    final String plainMechanism = "PLAIN";
    final String digestMechanism = "DIGEST-MD5";
    final String scramMechanism = "SCRAM-SHA-256";

    Map<String, Object> configs = new HashMap<>();
    configs.put("plain.sasl.jaas.config", dynamicPlainContext);
    configs.put("digest-md5.sasl.jaas.config", dynamicDigestContext);

    ListenerName listener = new ListenerName("listener1");
    JaasContext plainJaas = JaasContext.loadServerContext(listener, plainMechanism, configs);
    JaasContext digestJaas = JaasContext.loadServerContext(listener, digestMechanism, configs);
    JaasContext scramJaas = JaasContext.loadServerContext(listener, scramMechanism, configs);

    // PLAIN: inline entry, so the cache key is the inline config value.
    LoginManager plainLogin = LoginManager.acquireLoginManager(plainJaas, plainMechanism, false, configs);
    assertEquals(dynamicPlainContext, plainLogin.cacheKey());

    // DIGEST-MD5: a different inline entry must not reuse the PLAIN manager.
    LoginManager digestLogin = LoginManager.acquireLoginManager(digestJaas, digestMechanism, false, configs);
    assertNotSame(plainLogin, digestLogin);
    assertEquals(dynamicDigestContext, digestLogin.cacheKey());

    // SCRAM-SHA-256: no inline entry in configs, so the key is the static context name.
    LoginManager scramLogin = LoginManager.acquireLoginManager(scramJaas, scramMechanism, false, configs);
    assertNotSame(plainLogin, scramLogin);
    assertEquals("KafkaServer", scramLogin.cacheKey());

    // Second acquisition of each must hand back the cached instance.
    LoginManager plainAgain = LoginManager.acquireLoginManager(plainJaas, plainMechanism, false, configs);
    assertSame(plainLogin, plainAgain);
    LoginManager digestAgain = LoginManager.acquireLoginManager(digestJaas, digestMechanism, false, configs);
    assertSame(digestLogin, digestAgain);
    LoginManager scramAgain = LoginManager.acquireLoginManager(scramJaas, scramMechanism, false, configs);
    assertSame(scramLogin, scramAgain);

    // Each manager was acquired twice above; the helper (defined elsewhere) is given that count.
    verifyLoginManagerRelease(plainLogin, 2, plainJaas, configs);
    verifyLoginManagerRelease(digestLogin, 2, digestJaas, configs);
    verifyLoginManagerRelease(scramLogin, 2, scramJaas, configs);
}
use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method createClientConnectionWithoutSaslAuthenticateHeader.
/**
 * Connects a test client whose SASL exchange omits SaslAuthenticate request headers.
 *
 * <p>The client channel builder is subclassed so that its authenticator
 * <ul>
 *   <li>always builds the SaslHandshake request at version 0, ignoring the version it is asked
 *       for, and</li>
 *   <li>never records a SaslAuthenticate version, which leaves headers disabled.</li>
 * </ul>
 * The resulting selector is stored in {@code this.selector} and connected to the test server on
 * the loopback address.
 *
 * NOTE(review): presumably this lets tests check that the server still enforces authentication
 * on the header-less compatibility path; confirm against the callers.
 *
 * @param securityProtocol protocol for the connection; also determines the listener name
 * @param saslMechanism mechanism used for the JAAS context map, the handshake and the authenticator
 * @param node connection id handed to the selector
 * @throws Exception if building the selector or connecting fails
 */
private void createClientConnectionWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, final String saslMechanism, String node) throws Exception {
    final ListenerName listener = ListenerName.forSecurityProtocol(securityProtocol);
    final Map<String, ?> noOverrides = Collections.emptyMap();
    final Map<String, JaasContext> jaasByMechanism =
            Collections.singletonMap(saslMechanism, JaasContext.loadClientContext(noOverrides));

    SaslChannelBuilder headerlessBuilder = new SaslChannelBuilder(Mode.CLIENT, jaasByMechanism, securityProtocol, listener, false, saslMechanism, true, null, null) {

        @Override
        protected SaslClientAuthenticator buildClientAuthenticator(Map<String, ?> authConfigs, String id, String serverHost, String servicePrincipal, TransportLayer transportLayer, Subject subject) throws IOException {
            return new SaslClientAuthenticator(authConfigs, id, subject, servicePrincipal, serverHost, saslMechanism, true, transportLayer) {

                @Override
                protected SaslHandshakeRequest createSaslHandshakeRequest(short version) {
                    // The requested version is deliberately ignored: the handshake is pinned to v0.
                    return new SaslHandshakeRequest.Builder(saslMechanism).build((short) 0);
                }

                @Override
                protected void saslAuthenticateVersion(short version) {
                    // Intentionally empty: leaving the version unset keeps request headers disabled.
                }
            };
        }
    };

    headerlessBuilder.configure(saslClientConfigs);
    this.selector = NetworkTestUtils.createSelector(headerlessBuilder);

    // Loopback only: the target is the in-process test server.
    InetSocketAddress serverAddress = new InetSocketAddress("127.0.0.1", server.port());
    this.selector.connect(node, serverAddress, BUFFER_SIZE, BUFFER_SIZE);
}
use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.
the class SaslServerAuthenticatorTest method setupAuthenticator.
/**
 * Creates a {@code SaslServerAuthenticator} wired with minimal test fixtures.
 *
 * <p>Fixtures built here: a JAAS entry named {@code "jaasContext"} that references
 * {@code PlainLoginModule} with an empty option map, an empty {@link Subject}, a fresh
 * {@code CredentialCache}, and a {@code DelegationTokenCache} created from
 * {@code ScramMechanism.mechanismNames()}. The authenticator is created for
 * {@code SASL_SSL} on a listener named {@code "ssl"} with connection id {@code "node"}.
 * Two constructor arguments are passed as {@code null}; their meaning is not visible in this
 * method.
 *
 * NOTE(review): the login module has no options and the subject carries no principals or
 * credentials, so this fixture is only meaningful for tests that stop short of a real
 * credential check; confirm against the callers.
 *
 * @param configs configuration map handed to the authenticator
 * @param transportLayer transport the authenticator reads from and writes to
 * @param mechanism SASL mechanism used as the key of the JAAS context and subject maps
 * @return the authenticator under test
 * @throws IOException declared by the signature; the visible code does not throw it directly
 */
private SaslServerAuthenticator setupAuthenticator(Map<String, ?> configs, TransportLayer transportLayer, String mechanism) throws IOException {
    TestJaasConfig testJaas = new TestJaasConfig();
    testJaas.addEntry("jaasContext", PlainLoginModule.class.getName(), new HashMap<String, Object>());

    JaasContext serverJaas = new JaasContext("jaasContext", JaasContext.Type.SERVER, testJaas, null);
    Map<String, JaasContext> jaasByMechanism = Collections.singletonMap(mechanism, serverJaas);
    Map<String, Subject> subjectByMechanism = Collections.singletonMap(mechanism, new Subject());

    // Created in the same order the constructor call would evaluate them.
    CredentialCache credentials = new CredentialCache();
    ListenerName listener = new ListenerName("ssl");
    DelegationTokenCache tokens = new DelegationTokenCache(ScramMechanism.mechanismNames());

    return new SaslServerAuthenticator(configs, "node", jaasByMechanism, subjectByMechanism, null,
            credentials, listener, SecurityProtocol.SASL_SSL, transportLayer, tokens);
}