You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by "sukumar.np" <su...@zohocorp.com> on 2017/08/22 15:27:16 UTC
Getting TimeoutException instead of TopicAuthorizationException
while using security SASL_PLAINTEXT
Hi All,
I am using 0.11 Kafka version and trying out an SASL_PLAINTEXT mechanism for Authentication and Authorization. I have configured Broker and Zookeeper as well Client with necessary configurations with help of following links
https://kafka.apache.org/documentation/#security_sasl_plain
https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/.
I have added acl to my topic to stop the write operation from any user as follows,
bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --deny-principal User:* --deny-host host:* --operation Write --topic test-12
Now I am sending produce request from my Java client(who is an unauthorized user), I am getting the following exception
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 1000 ms.
In Server side getting following logs as (after enabled in log4j.properties),
DEBUG Principal = User:alice is Denied Operation = Describe from host = xxx.xx.xx.xx on resource = Topic:test-12 (kafka.authorizer.logger)
For the same topic, trying to produce via console-producer, I am getting like,
WARN Error while fetching metadata with correlation id 20 : {test-12=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
Here my question is why am I getting TimeoutException instead of TopicAuthorizationException from java client?
Do I need to configure anything to get TopicAuthorizationException exception?
Please help me to resolve this issue.
Thanks
Sukumar
Re: Getting TimeoutException instead of TopicAuthorizationException
while using security SASL_PLAINTEXT
Posted by Manikumar <ma...@gmail.com>.
JIRA for this issue: https://issues.apache.org/jira/browse/KAFKA-5547
On Tue, Aug 22, 2017 at 8:57 PM, sukumar.np <su...@zohocorp.com> wrote:
> Hi All,
>
>
>
> I am using 0.11 Kafka version and trying out an SASL_PLAINTEXT mechanism
> for Authentication and Authorization. I have configured Broker and
> Zookeeper as well Client with necessary configurations with help of
> following links
>
> https://kafka.apache.org/documentation/#security_sasl_plain
>
> https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/.
>
>
>
>
> I have added acl to my topic to stop the write operation from any user as
> follows,
>
> bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
> --add --deny-principal User:* --deny-host host:* --operation Write --topic
> test-12
>
>
>
>
> Now I am sending produce request from my Java client(who is an
> unauthorized user), I am getting the following exception
>
> java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException:
> Failed to update metadata after 1000 ms.
>
>
> In Server side getting following logs as (after enabled in
> log4j.properties),
>
> DEBUG Principal = User:alice is Denied Operation = Describe from host =
> xxx.xx.xx.xx on resource = Topic:test-12 (kafka.authorizer.logger)
>
> For the same topic, trying to produce via console-producer, I am getting
> like,
>
> WARN Error while fetching metadata with correlation id 20 :
> {test-12=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.
> NetworkClient)
>
>
> Here my question is why am I getting TimeoutException instead of
> TopicAuthorizationException from java client?
>
>
>
> Do I need to configure anything to get TopicAuthorizationException
> exception?
>
>
>
> Please help me to resolve this issue.
>
>
>
> Thanks
>
> Sukumar
>
>
>
>
>