Setup client side SASL authentication to connect with two different kafka clusters

2
votes

I have spring boot application which connect to my kafka cluster. Application(as kafka client) uses SASL authentication and I specified JAAS configuration through System.setProperty() before initializing kafka producer and consumer. It is working fine with single kafka cluster setup.

kafka_client_jaas.conf

KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="myClusterUser"
  password="user-secret";
};

MyKafkaProducer.java

private void init()
{
    System.setProperty("java.security.auth.login.config", "kafka_client_jaas.conf");
    …
}

Now I have a third party(someone else’s) kafka cluster which is completely disconnected from my kafka cluster. Third party kafka cluster also uses SASL authentication.

How java application can connect to two different kafka clusters and both clusters required SASL authentication? Username and password are different for both the clusters and I can set only one JAAS config file in java.security.auth.login.config.

1
javaapache-kafkajaassasl

1 Answers

1
votes

Since Kafka 0.10.2, you can use the sasl.jaas.config setting to configure SASL authentication per Kafka client. This enables running multiple Kafka clients with different (or the same) SASL configurations in a single JVM.

To do so:

  • Unset java.security.auth.login.config

  • In each Kafka client properties add sasl.jaas.config. For example:

    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
  username="myClusterUser" \
  password="user-secret";

    see http://kafka.apache.org/documentation.html#security_sasl_plain_clientconfig for the full details

  • MyKafkaClient.java

    import org.apache.kafka.common.config.SaslConfigs;
private void init() {
  properties.put(SaslConfigs.SASL_JAAS_CONFIG,
  "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"myClusterUser\" password=\"user-secret\"");
}

  • delete your JAAS file