You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/11/02 05:02:22 UTC

[GitHub] [kafka] sglass520 commented on pull request #11443: KAFKA-13411: This code enforces the creation of the correct sasl client (OAuthBear…

sglass520 commented on pull request #11443:
URL: https://github.com/apache/kafka/pull/11443#issuecomment-957103498


   @junrao I can confirm this issue running Kafka in WildFly. The code in createSaslClient() is calling Java Security API to get the factory for specified mechanism. However, the API will simply return the first security provider in the list of priority which implements the mechanism. This will always return an unsupported WildFly security provider as these are registered earlier and therefore higher priority.
   
   @shankarb27 code is correct in that kafka should explicitly define the factory instead of using Java security calls. This change should be replicated for every mechanism. Alternatively, allow user option to define the priority of the provider i.e kafka implementations should use Security insertProviderAt with user-defined index instead of addProvider which adds provider auto to lowest priority.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org