Example 1 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class ClientAuthenticationFailureTest method setup.
@Before
public void setup() throws Exception {
LoginManager.closeAll();
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
saslServerConfigs = new HashMap<>();
saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList("PLAIN"));
saslClientConfigs = new HashMap<>();
saslClientConfigs.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
testJaasConfig = TestJaasConfig.createConfiguration("PLAIN", Arrays.asList("PLAIN"));
testJaasConfig.setClientOptions("PLAIN", TestJaasConfig.USERNAME, "anotherpassword");
server = createEchoServer(securityProtocol);
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
Before(org.junit.Before)
Example 2 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testJaasConfigurationForListener.
@Test
public void testJaasConfigurationForListener() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList("PLAIN"));
TestJaasConfig staticJaasConfig = new TestJaasConfig();
Map<String, Object> globalServerOptions = new HashMap<>();
globalServerOptions.put("user_global1", "gsecret1");
globalServerOptions.put("user_global2", "gsecret2");
staticJaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_SERVER, PlainLoginModule.class.getName(), globalServerOptions);
Map<String, Object> clientListenerServerOptions = new HashMap<>();
clientListenerServerOptions.put("user_client1", "csecret1");
clientListenerServerOptions.put("user_client2", "csecret2");
String clientJaasEntryName = "client." + TestJaasConfig.LOGIN_CONTEXT_SERVER;
staticJaasConfig.createOrUpdateEntry(clientJaasEntryName, PlainLoginModule.class.getName(), clientListenerServerOptions);
Configuration.setConfiguration(staticJaasConfig);
// Listener-specific credentials
server = createEchoServer(new ListenerName("client"), securityProtocol);
saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1"));
createAndCheckClientConnection(securityProtocol, "1");
saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1"));
createAndCheckClientConnectionFailure(securityProtocol, "2");
server.close();
// Global credentials as there is no listener-specific JAAS entry
server = createEchoServer(new ListenerName("other"), securityProtocol);
saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1"));
createAndCheckClientConnection(securityProtocol, "3");
saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1"));
createAndCheckClientConnectionFailure(securityProtocol, "4");
}
Also used :
HashMap(java.util.HashMap)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule)
ListenerName(org.apache.kafka.common.network.ListenerName)
Test(org.junit.Test)
Example 3 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testInvalidPasswordSaslScram.
/**
* Tests that SASL/SCRAM clients fail authentication if password is invalid.
*/
@Test
public void testInvalidPasswordSaslScram() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
TestJaasConfig jaasConfig = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));
Map<String, Object> options = new HashMap<>();
options.put("username", TestJaasConfig.USERNAME);
options.put("password", "invalidpassword");
jaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT, ScramLoginModule.class.getName(), options);
String node = "0";
server = createEchoServer(securityProtocol);
updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);
createAndCheckClientAuthenticationFailure(securityProtocol, node, "SCRAM-SHA-256", null);
server.verifyAuthenticationMetrics(0, 1);
}
Also used :
HashMap(java.util.HashMap)
ScramLoginModule(org.apache.kafka.common.security.scram.ScramLoginModule)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
Test(org.junit.Test)
Example 4 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testMissingPasswordSaslPlain.
/**
* Tests that SASL/PLAIN clients with missing password in JAAS configuration fail authentication.
*/
@Test
public void testMissingPasswordSaslPlain() throws Exception {
String node = "0";
TestJaasConfig jaasConfig = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
jaasConfig.setClientOptions("PLAIN", "myuser", null);
SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
server = createEchoServer(securityProtocol);
createSelector(securityProtocol, saslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("127.0.0.1", server.port());
try {
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
fail("SASL/PLAIN channel created without password");
} catch (IOException e) {
// Expected exception
}
}
Also used :
InetSocketAddress(java.net.InetSocketAddress)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
IOException(java.io.IOException)
Test(org.junit.Test)
Example 5 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testValidSaslScramMechanisms.
/**
* Tests all supported SCRAM client and server channels. Also tests that all
* supported SCRAM mechanisms can be supported simultaneously on a server.
*/
@Test
public void testValidSaslScramMechanisms() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
configureMechanisms("SCRAM-SHA-256", new ArrayList<>(ScramMechanism.mechanismNames()));
server = createEchoServer(securityProtocol);
updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);
for (String mechanism : ScramMechanism.mechanismNames()) {
saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, mechanism);
createAndCheckClientConnection(securityProtocol, "node-" + mechanism);
}
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
Test(org.junit.Test)
Aggregations
SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)94
Test (org.junit.jupiter.api.Test)50
Test (org.junit.Test)29
HashMap (java.util.HashMap)22
InetSocketAddress (java.net.InetSocketAddress)14
NetworkSend (org.apache.kafka.common.network.NetworkSend)11
RequestHeader (org.apache.kafka.common.requests.RequestHeader)11
PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)10
TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)9
ScramLoginModule (org.apache.kafka.common.security.scram.ScramLoginModule)9
IOException (java.io.IOException)8
ByteBuffer (java.nio.ByteBuffer)8
ListenerName (org.apache.kafka.common.network.ListenerName)7
ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)7
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)7
KafkaException (org.apache.kafka.common.KafkaException)6
LogContext (org.apache.kafka.common.utils.LogContext)6
Password (org.apache.kafka.common.config.types.Password)5
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)5
ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource)5
