authentication - 加载 Zookeeper JAAS 登录上下文“客户端”时出现异常

问题描述

当我运行 Kafka 代理时，出现错误：

Exception while loading Zookeeper JAAS login context 'Client'

zookeeper.jaas.conf

Server {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       user_super="adminsecret"
       user_bob="bobsecret";
};

服务器.jaas.conf

KafkaServer {
       org.apache.kafka.common.security.plain.PlainLoginModule required 
       username=”admin”
       password=”admin-secret”
       user_admin=”admin-secret”
       user_bob=”bobsecret”;
};
Client {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       username="bob"
       password="bobsecret";
};

服务器属性

listeners=SASL_SSL://localhost:9092
advertised.listeners=SASL_SSL://localhost:9092
security.inter.broker.protocol=SASL_SSL
sasl.enabled.mechanisms=PLAIN|GSSAP|SCRAM
sasl.mechanism.inter.broker.protocol=PLAIN|GSSAP|SCRAM
#ssl.endpoint.identification.algorithm=
#ssl.client.auth=required
#authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

auto.create.topics.enable=false
#zookeeper.set.acl=true
#super.users=User:admin
#allow.everyone.if.no.acl.found=true
#sasl_ssl.jaas.config="-Djava.security.auth.login.config=/kafka/kafka_2.12-2.3.0/config/kafka_server_jaas.conf"

ssl.keystore.location=/kafka/kafka_2.12-2.3.0/server.keystore.jks
ssl.keystore.password=test1234
ssl.key.password=test1234
ssl.truststore.location=/kafka/kafka_2.12-2.3.0/server.truststore.jks
ssl.truststore.password=test1234

用于运行 Kafka 代理的命令：

export KAFKA_OPTS="-Djava.security.auth.login.config=/kafka/kafka_2.12-2.3.0/config/kafka_server_jaas.conf"

$ ./bin/kafka-server-start.sh config/server.properties

我正在使用SASL_SSL作为听众。

这是完整的堆栈跟踪

    $ export KAFKA_OPTS="-Djava.security.auth.login.config=/kafka/kafka_2.12-2.3.0/config/kafka_server_jaas.conf"
   $ ./bin/kafka-server-start.sh config/server.properties
    [2019-07-31 10:31:36,713] INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
    [2019-07-31 10:31:37,489] INFO Registered signal handlers for TERM, INT, HUP (org.apache.kafka.common.utils.LoggingSignalHandler)
    [2019-07-31 10:31:37,490] INFO starting (kafka.server.KafkaServer)
    [2019-07-31 10:31:37,496] INFO Connecting to zookeeper on localhost:2181 (kafka.server.KafkaServer)
    [2019-07-31 10:31:37,527] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
    org.apache.kafka.common.KafkaException: Exception while loading Zookeeper JAAS login context 'Client'
        at org.apache.kafka.common.security.JaasUtils.isZkSecurityEnabled(JaasUtils.java:45)
        at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:373)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:207)
        at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:38)
        at kafka.Kafka$.main(Kafka.scala:84)
        at kafka.Kafka.main(Kafka.scala)
    Caused by: java.lang.SecurityException: java.io.IOException: Configuration Error:
        Line 1: expected [{], found [null]
        at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
        at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at java.lang.Class.newInstance(Class.java:442)
        at javax.security.auth.login.Configuration$2.run(Configuration.java:255)
        at javax.security.auth.login.Configuration$2.run(Configuration.java:247)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
        at org.apache.kafka.common.security.JaasUtils.isZkSecurityEnabled(JaasUtils.java:42)
        ... 5 more
    Caused by: java.io.IOException: Configuration Error:
        Line 1: expected [{], found [null]
        at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
        at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:579)
        at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:445)
        at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
        at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
        at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
        at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
        ... 16 more
    [2019-07-31 10:31:37,531] INFO shutting down (kafka.server.KafkaServer)
    [2019-07-31 10:31:37,542] INFO shut down completed (kafka.server.KafkaServer)
    [2019-07-31 10:31:37,542] ERROR Exiting Kafka. (kafka.server.KafkaServerStartable)
    [2019-07-31 10:31:37,555] INFO shutting down (kafka.server.KafkaServer)

标签： authenticationapache-kafkaapache-zookeeperjaasapache-kafka-security