kafka實現SASL_PLAINTEXT權限認證·集成springboot篇

消費者模塊實現

1、首先創建 kafka_client_jaas.conf 文件

KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_alice="alice";
};

我們使用的是多環境部署，在名字后面追加環境區分：kafka_client_jaas_dev.conf kafka_client_jaas_test.conf kafka_client_jaas_prod.conf 。這使得每個環境的賬戶密碼不一樣，更加靈活

2、bean 配置

@Configuration
@EnableKafka
public class KafkaConsumerConfig {

    @Value("${kafka.consumer.servers}")
    private String servers;
    @Value("${kafka.consumer.enable.auto.commit}")
    private boolean enableAutoCommit;
    @Value("${kafka.consumer.session.timeout}")
    private String sessionTimeout;
    @Value("${kafka.consumer.auto.commit.interval}")
    private String autoCommitInterval;
    @Value("${kafka.consumer.group.id}")
    private String groupId;
    @Value("${kafka.consumer.auto.offset.reset}")
    private String autoOffsetReset;
    @Value("${kafka.consumer.concurrency}")
    private int concurrency;
    @Value("${kafkaSecurityStatus}")
    private int kafkaSecurityStatus;

    @Bean
    public KafkaListenerContainerFactory<ConcurrentMessageListenerContainer<String, String>> kafkaListenerContainerFactory() {
        ConcurrentKafkaListenerContainerFactory<String, String> factory = new ConcurrentKafkaListenerContainerFactory<>();
        factory.setConsumerFactory(consumerFactory());
        factory.setConcurrency(concurrency);
        factory.getContainerProperties().setPollTimeout(1500);
        return factory;
    }
    
    public KafkaListenerContainerFactory<ConcurrentMessageListenerContainer<String, String>> kafkaListenerContainerBatchFactory() {
        ConcurrentKafkaListenerContainerFactory<String, String> factory = new ConcurrentKafkaListenerContainerFactory<>();
        factory.setConsumerFactory(consumerFactory());
        factory.setConcurrency(concurrency);
        factory.setBatchListener(true);
        factory.getContainerProperties().setPollTimeout(1500);
        return factory;
    }

    public ConsumerFactory<String, String> consumerFactory() {
        return new DefaultKafkaConsumerFactory<>(consumerConfigs());
    }


    public Map<String, Object> consumerConfigs() {
        Map<String, Object> propsMap = new HashMap<>();
        propsMap.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, servers);
        propsMap.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, enableAutoCommit);
        propsMap.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, autoCommitInterval);
        propsMap.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG, sessionTimeout);
        propsMap.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
        propsMap.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
        propsMap.put(ConsumerConfig.GROUP_ID_CONFIG, groupId);
        propsMap.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, autoOffsetReset);

        // 靈活配置是否啟用權限認證開關
        if(kafkaSecurityStatus == 1){
            propsMap.put("security.protocol", "SASL_PLAINTEXT");
            propsMap.put("sasl.mechanism", "PLAIN");
        }
        return propsMap;
    }
    

}

3、加載conf

我這里因為需要根據啟動環境加載不同的conf,就在啟動類拿到啟動的參數時加載

public class XXXApplication {

    private static Logger log = LoggerFactory.getLogger(XXXApplication.class);

    public static void main(String[] args) {
        String profile = System.getProperty("spring.profiles.active");
        //加載kafka 權限認證的配置信息
        String kafkaPath = "classpath:kafka_client_jaas_" + profile + ".conf";
        log.info("=====profile:" + profile + " || kafkaPath" + kafkaPath);
        System.setProperty("java.security.auth.login.config", kafkaPath);

        SpringApplication.run(XXXApplication.class, args);
    }
}

4、啟動命令

不可用：nohup java -jar XXX.jar --spring.profiles.active=prod >>/dev/null &

由於原來使用的--spring.profiles.active=prod 不能成功加載，調整為如下命令

可用：nohup java -Dspring.profiles.active=dev -jar XXX.jar >>/dev/null &

生產者模塊

其他配置與消費者類似，這里不多介紹了

bean配置如下：

@Configuration
@EnableKafka
public class KafkaProducerConfig {

    @Value("${kafka.producer.servers}")
    private String servers;
    @Value("${kafka.producer.retries}")
    private int retries;
    @Value("${kafka.producer.batch.size}")
    private int batchSize;
    @Value("${kafka.producer.linger}")
    private int linger;
    @Value("${kafka.producer.buffer.memory}")
    private int bufferMemory;
    @Value("${kafkaSecurityStatus}")
    private int kafkaSecurityStatus;

    public Map<String, Object> producerConfigs() {
        Map<String, Object> props = new HashMap<>();
        props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, servers);
        props.put(ProducerConfig.RETRIES_CONFIG, retries);
        props.put(ProducerConfig.BATCH_SIZE_CONFIG, batchSize);
        props.put(ProducerConfig.LINGER_MS_CONFIG, linger);
        props.put(ProducerConfig.BUFFER_MEMORY_CONFIG, bufferMemory);
        props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class);
        props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class);
        // 靈活配置開關是否啟用權限認證
        if(kafkaSecurityStatus == 1){
            props.put("security.protocol", "SASL_PLAINTEXT");
            props.put("sasl.mechanism", "PLAIN");
        }

        return props;
    }

    public ProducerFactory<String, String> producerFactory() {
        return new DefaultKafkaProducerFactory<>(producerConfigs());
    }

    @Bean
    public KafkaTemplate<String, String> kafkaTemplate() {
        return new KafkaTemplate<String, String>(producerFactory());
    }
}

至此結束！

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 kafka支持認證SASL_PLAINTEXT kafka使用SASL_PLAINTEXT做用戶認證 Kafka Tool 配置SASL_PLAINTEXT Kafka安裝及開啟SASL_PLAINTEXT認證（用戶名和密碼認證） Kafka的安全認證機制SASL/PLAINTEXT Kafka啟用SASL_PLAINTEXT動態配置JAAS文件的幾種方式 Why Ambari is setting the security protocol of the kafka to PLAINTEXTSASL instead of SASL_PLAINTEXT? SpringBoot集成JWT 實現接口權限認證 SpringBoot集成JWT實現權限認證 KAFKA的SASL認證