You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "indira (Jira)" <ji...@apache.org> on 2020/05/07 04:54:00 UTC
[jira] [Updated] (KAFKA-9967) SASL PLAIN authentication with custom
callback handler
[ https://issues.apache.org/jira/browse/KAFKA-9967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
indira updated KAFKA-9967:
--------------------------
Description:
I'm trying to add custom handler for SASL PLAN authentication. i have followed kafka document which says to add "listener.name.sasl_ssl.plain.sasl.server.callback.handler.class" with custom class name to server config. but this custom class is never taken , its always going to default PlainServerCallbackHandler.
On debuging the kafka-client code, observed that SaslChannelBuilder->createServerCallbackHandlers method is trying to read config property as "plain.sasl.server.callback.handler.class". which is different from the one mentioned in the doc. i have changed the property name in my config file and tried, but still it did not work.
Below is part of the config
sasl.server.callback.handler.class=null, confluent.ssl.keystore.location=null, adverti
sed.port=null, log.cleaner.dedupe.buffer.size=134217728, confluent.bearer.auth.token=null, confluent.tier.s3.aws.endpoint.override=null, log.cleaner.io.buffer.size=524288, create.topic.policy.class.name=null, confluent.missing.id.cache.ttl.sec=60, confluent.tier.fetcher.offset.cache.period.ms=60000, controlled.shutdown.retry.backoff.ms=5000, security.providers=null, confluent.verify.group.subscription.prefix=false, l*istener.name.sasl_ssl.plain.sasl.server.callback.handler.class=com.e2.test.security.PlainServerCallbackHandler,* log.roll.hours=168, log.cleanup.policy=[delete], confluent.enabl
If there are any sample code explaining custom SASL authentication, it could help us. I could not find any proper sample code related to this topic.
was:
I'm trying to add custom handler for SASL PLAN authentication. i have followed kafka document which says to add "listener.name.sasl_ssl.plain.sasl.server.callback.handler.class" with custom class name to server config. but this custom class is never taken , its always going to default PlainServerCallbackHandler.
On debuging the kafka-client code, observed that SaslChannelBuilder->createServerCallbackHandlers method is trying to read config property as "plain.sasl.server.callback.handler.class". which is different from the one mentioned in the doc. i have changed the property name in my config file and tried, but still it did not work.
If there are any sample code explaining custom SASL authentication, it could help us. I could not find any proper sample code related to this topic.
> SASL PLAIN authentication with custom callback handler
> ------------------------------------------------------
>
> Key: KAFKA-9967
> URL: https://issues.apache.org/jira/browse/KAFKA-9967
> Project: Kafka
> Issue Type: Bug
> Components: clients
> Affects Versions: 2.5.0
> Reporter: indira
> Priority: Major
>
> I'm trying to add custom handler for SASL PLAN authentication. i have followed kafka document which says to add "listener.name.sasl_ssl.plain.sasl.server.callback.handler.class" with custom class name to server config. but this custom class is never taken , its always going to default PlainServerCallbackHandler.
> On debuging the kafka-client code, observed that SaslChannelBuilder->createServerCallbackHandlers method is trying to read config property as "plain.sasl.server.callback.handler.class". which is different from the one mentioned in the doc. i have changed the property name in my config file and tried, but still it did not work.
> Below is part of the config
> sasl.server.callback.handler.class=null, confluent.ssl.keystore.location=null, adverti
> sed.port=null, log.cleaner.dedupe.buffer.size=134217728, confluent.bearer.auth.token=null, confluent.tier.s3.aws.endpoint.override=null, log.cleaner.io.buffer.size=524288, create.topic.policy.class.name=null, confluent.missing.id.cache.ttl.sec=60, confluent.tier.fetcher.offset.cache.period.ms=60000, controlled.shutdown.retry.backoff.ms=5000, security.providers=null, confluent.verify.group.subscription.prefix=false, l*istener.name.sasl_ssl.plain.sasl.server.callback.handler.class=com.e2.test.security.PlainServerCallbackHandler,* log.roll.hours=168, log.cleanup.policy=[delete], confluent.enabl
>
> If there are any sample code explaining custom SASL authentication, it could help us. I could not find any proper sample code related to this topic.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)