use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class ClientAuthenticationFailureTest method setup.
/**
 * Builds the fixture for client authentication-failure tests: a SASL/PLAIN echo
 * server plus a client JAAS entry whose password is set to "anotherpassword".
 *
 * <p>Security note: SASL_PLAINTEXT means the SASL exchange runs without TLS, and
 * the PLAIN mechanism sends the password itself, so this combination exposes
 * credentials on the wire. That is tolerable for a test fixture; a real listener
 * offering PLAIN should use SASL_SSL instead.
 *
 * @throws Exception if the echo server cannot be created
 */
@Before
public void setup() throws Exception {
    final String mechanism = "PLAIN";

    // Presumably discards logins cached by earlier tests so this fixture's
    // credentials are the ones used; LoginManager is not shown here.
    LoginManager.closeAll();

    // Server side: PLAIN is the only enabled mechanism.
    saslServerConfigs = new HashMap<>();
    saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList(mechanism));

    // Client side: same protocol and mechanism as the server.
    saslClientConfigs = new HashMap<>();
    saslClientConfigs.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, mechanism);

    testJaasConfig = TestJaasConfig.createConfiguration(mechanism, Arrays.asList(mechanism));
    // Overrides the client password; presumably this no longer matches what
    // createConfiguration registered for the server, which is what makes the
    // client fail to authenticate -- confirm against TestJaasConfig.
    testJaasConfig.setClientOptions(mechanism, TestJaasConfig.USERNAME, "anotherpassword");

    server = createEchoServer(SecurityProtocol.SASL_PLAINTEXT);
}
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testJaasConfigurationForListener.
/**
 * Checks that a listener-prefixed JAAS server entry ("client." + server context)
 * is used for the listener named "client", and that a listener without its own
 * entry ("other") falls back to the global server entry.
 *
 * <p>The security-relevant property is isolation in both directions: a global
 * user is rejected on the listener that has its own entry, and a listener-scoped
 * user is rejected on the listener that uses the global entry. The scoped entry
 * replaces the global user set rather than adding to it.
 *
 * @throws Exception if a server or client connection cannot be set up
 */
@Test
public void testJaasConfigurationForListener() throws Exception {
    final SecurityProtocol protocol = SecurityProtocol.SASL_PLAINTEXT;
    final String plainModule = PlainLoginModule.class.getName();

    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList("PLAIN"));

    TestJaasConfig jaas = new TestJaasConfig();

    // Global server entry: users global1 / global2.
    Map<String, Object> serverWideUsers = new HashMap<>();
    serverWideUsers.put("user_global1", "gsecret1");
    serverWideUsers.put("user_global2", "gsecret2");
    jaas.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_SERVER, plainModule, serverWideUsers);

    // Entry scoped to the "client" listener: users client1 / client2.
    Map<String, Object> listenerUsers = new HashMap<>();
    listenerUsers.put("user_client1", "csecret1");
    listenerUsers.put("user_client2", "csecret2");
    String listenerEntryName = "client." + TestJaasConfig.LOGIN_CONTEXT_SERVER;
    jaas.createOrUpdateEntry(listenerEntryName, plainModule, listenerUsers);

    // Installs the configuration JVM-wide; restoring the previous one is not
    // done in this method (presumably handled by the class teardown).
    Configuration.setConfiguration(jaas);

    // Listener with its own entry: only the listener-scoped user may log in.
    server = createEchoServer(new ListenerName("client"), protocol);
    String scopedLogin = TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, scopedLogin);
    createAndCheckClientConnection(protocol, "1");
    String globalLogin = TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, globalLogin);
    createAndCheckClientConnectionFailure(protocol, "2");
    server.close();

    // Listener without its own entry: the global entry applies, so the roles flip.
    server = createEchoServer(new ListenerName("other"), protocol);
    globalLogin = TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, globalLogin);
    createAndCheckClientConnection(protocol, "3");
    scopedLogin = TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, scopedLogin);
    createAndCheckClientConnectionFailure(protocol, "4");
}
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testInvalidPasswordSaslScram.
/**
* Tests that SASL/SCRAM clients fail authentication if password is invalid.
*/
@Test
public void testInvalidPasswordSaslScram() throws Exception {
    final String scramMechanism = "SCRAM-SHA-256";
    final SecurityProtocol protocol = SecurityProtocol.SASL_SSL;

    TestJaasConfig jaas = configureMechanisms(scramMechanism, Arrays.asList(scramMechanism));

    // Client logs in as the test user but with a password the server was never given.
    Map<String, Object> clientLogin = new HashMap<>();
    clientLogin.put("username", TestJaasConfig.USERNAME);
    clientLogin.put("password", "invalidpassword");
    jaas.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT, ScramLoginModule.class.getName(), clientLogin);

    server = createEchoServer(protocol);
    // Server-side credentials use TestJaasConfig.PASSWORD, so the client's
    // "invalidpassword" cannot match.
    updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);

    createAndCheckClientAuthenticationFailure(protocol, "0", scramMechanism, null);
    // Presumably (successful, failed) authentication counts, i.e. the rejected
    // attempt is recorded as exactly one failure -- confirm against the helper.
    server.verifyAuthenticationMetrics(0, 1);
}
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testMissingPasswordSaslPlain.
/**
* Tests that SASL/PLAIN clients with missing password in JAAS configuration fail authentication.
*/
@Test
public void testMissingPasswordSaslPlain() throws Exception {
    TestJaasConfig jaas = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    // Client entry has a username but a null password.
    jaas.setClientOptions("PLAIN", "myuser", null);

    final SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    server = createEchoServer(protocol);
    createSelector(protocol, saslClientConfigs);

    final String nodeId = "0";
    InetSocketAddress serverAddress = new InetSocketAddress("127.0.0.1", server.port());
    try {
        selector.connect(nodeId, serverAddress, BUFFER_SIZE, BUFFER_SIZE);
        // Reaching this line means a channel was set up with no password at all.
        fail("SASL/PLAIN channel created without password");
    } catch (IOException expected) {
        // Only IOException counts as the expected rejection; any other
        // exception type propagates and fails the test.
    }
}
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testValidSaslScramMechanisms.
/**
* Tests all supported SCRAM client and server channels. Also tests that all
* supported SCRAM mechanisms can be supported simultaneously on a server.
*/
@Test
public void testValidSaslScramMechanisms() throws Exception {
    final SecurityProtocol protocol = SecurityProtocol.SASL_SSL;

    // The server enables every name ScramMechanism reports, all at once.
    configureMechanisms("SCRAM-SHA-256", new ArrayList<>(ScramMechanism.mechanismNames()));
    server = createEchoServer(protocol);
    updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);

    // One client connection per mechanism against the same server; the node id
    // embeds the mechanism name so each connection is distinct.
    for (String scramName : ScramMechanism.mechanismNames()) {
        saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, scramName);
        String nodeId = "node-" + scramName;
        createAndCheckClientConnection(protocol, nodeId);
    }
}