You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by "sukumar.np" <su...@zohocorp.com> on 2017/08/22 15:27:16 UTC

Getting TimeoutException instead of TopicAuthorizationException while using security SASL_PLAINTEXT

Hi All,



I am using  0.11 Kafka version and trying out an SASL_PLAINTEXT mechanism for Authentication and Authorization. I have configured Broker and Zookeeper as well Client with necessary configurations with help of following links

https://kafka.apache.org/documentation/#security_sasl_plain

https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/.




I have added acl to my topic to stop the write operation from any user as follows,

bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --deny-principal User:* --deny-host host:* --operation Write --topic test-12




Now  I am sending produce request from my Java client(who is an unauthorized user), I am getting the following exception

java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 1000 ms.


In Server side getting following logs as (after enabled in log4j.properties),

DEBUG Principal = User:alice is Denied Operation = Describe from host = xxx.xx.xx.xx on resource = Topic:test-12 (kafka.authorizer.logger)

For the same topic, trying to produce via console-producer, I am getting like,

WARN Error while fetching metadata with correlation id 20 : {test-12=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)


Here my question is why am I getting  TimeoutException instead of TopicAuthorizationException from java client?



Do I need to configure anything to get TopicAuthorizationException exception?



Please help me to resolve this issue.



Thanks

Sukumar

Re: Getting TimeoutException instead of TopicAuthorizationException while using security SASL_PLAINTEXT

Posted by Manikumar <ma...@gmail.com>.

JIRA for this issue: https://issues.apache.org/jira/browse/KAFKA-5547

On Tue, Aug 22, 2017 at 8:57 PM, sukumar.np <su...@zohocorp.com> wrote:

> Hi All,
>
>
>
> I am using  0.11 Kafka version and trying out an SASL_PLAINTEXT mechanism
> for Authentication and Authorization. I have configured Broker and
> Zookeeper as well Client with necessary configurations with help of
> following links
>
> https://kafka.apache.org/documentation/#security_sasl_plain
>
> https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/.
>
>
>
>
> I have added acl to my topic to stop the write operation from any user as
> follows,
>
> bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
> --add --deny-principal User:* --deny-host host:* --operation Write --topic
> test-12
>
>
>
>
> Now  I am sending produce request from my Java client(who is an
> unauthorized user), I am getting the following exception
>
> java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException:
> Failed to update metadata after 1000 ms.
>
>
> In Server side getting following logs as (after enabled in
> log4j.properties),
>
> DEBUG Principal = User:alice is Denied Operation = Describe from host =
> xxx.xx.xx.xx on resource = Topic:test-12 (kafka.authorizer.logger)
>
> For the same topic, trying to produce via console-producer, I am getting
> like,
>
> WARN Error while fetching metadata with correlation id 20 :
> {test-12=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.
> NetworkClient)
>
>
> Here my question is why am I getting  TimeoutException instead of
> TopicAuthorizationException from java client?
>
>
>
> Do I need to configure anything to get TopicAuthorizationException
> exception?
>
>
>
> Please help me to resolve this issue.
>
>
>
> Thanks
>
> Sukumar
>
>
>
>
>