You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by David McNelis <dm...@proofpoint.com> on 2019/09/05 15:37:14 UTC
Custom AuthenticateCallbackHandler and unexpected Callback type
G’day,
I’m a bit confused as to some of the behavior of building a custom AuthenticateCallbackHandler implementation / extending the PlainServerCallbackHandler. I have the following config:
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT
listeners=SASL_PLAINTEXT://localhost:9092
Assuming I have my jaas config in place, things largely work as expected. If I try to add:
sasl.client.callback.handler.class=com.my.CustomAuthenticationCallbackHandler
sasl.server.callback.handler.class=com.my.CustomAuthenticationCallbackHandler
I start to get an error because instead of getting a NameCallback and PlainAuthenticateCallback I am getting a NameCallback and a PasswordCallback.
I get the same error if I modify my handler classes to:
sasl.client.callback.handler.class=org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler
sasl.server.callback.handler.class=org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler
I feel I’m missing something pretty obvious in my config that’s causing me to get an unexpected set of Callbacks passed in.
Full stack trace is at the bottom (when I added debug statements I was seeing that it was the PasswordCallback getting passed in not the PlainAuthenticateCallback).
I appreciate any suggestions one might have.
Thanks,
David
org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure SaslClientAuthenticator
Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed to create SaslClient with mechanism PLAIN
Caused by: javax.security.sasl.SaslException: Cannot get userid/password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
at java.security.sasl/com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
at java.security.sasl/com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
at java.security.sasl/javax.security.sasl.Sasl.createSaslClient(Sasl.java:397)
at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.lambda$createSaslClient$0(SaslClientAuthenticator.java:182)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:178)
at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.<init>(SaslClientAuthenticator.java:170)
at org.apache.kafka.common.network.SaslChannelBuilder.buildClientAuthenticator(SaslChannelBuilder.java:254)
at org.apache.kafka.common.network.SaslChannelBuilder.lambda$buildChannel$1(SaslChannelBuilder.java:202)
at org.apache.kafka.common.network.KafkaChannel.<init>(KafkaChannel.java:140)
at org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:210)
at org.apache.kafka.common.network.Selector.buildAndAttachKafkaChannel(Selector.java:336)
at org.apache.kafka.common.network.Selector.registerChannel(Selector.java:327)
at org.apache.kafka.common.network.Selector.connect(Selector.java:259)
at org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:945)
at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:288)
at org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:65)
at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:295)
at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:249)
at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:89)
Caused by: javax.security.auth.callback.UnsupportedCallbackException
at com.my.CustomAuthenticationCallbackHandler.handle(CustomAuthenticationCallbackHandler.java:57)
at java.security.sasl/com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
... 20 more