# kafka-auth-server

**Repository Path**: david-ig/kafka-auth-server

## Basic Information

- **Project Name**: kafka-auth-server
- **Description**: kafka 认证鉴权  plain二次开发
- **Primary Language**: Java
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 1
- **Created**: 2022-07-18
- **Last Updated**: 2023-04-21

## Categories & Tags

**Categories**: Uncategorized

**Tags**: Kafka, Java

## README

# kafka-auth-server
#### kafka plain二次开发

kafka版本kafka_2.13-2.8.1.tgz

zk版本3.7.1


##### kafka

1.config/server.properties修改：

```properties
listeners=SASL_PLAINTEXT://192.168.18.127:9092
advertised.listeners=SASL_PLAINTEXT://192.168.18.127:9092
security.inter.broker.protocol=SASL_PLAINTEXT

#需要自己实现认证逻辑并且把jar包上传到libs目录下

listener.name.sasl_plaintext.plain.sasl.server.callback.handler.class=com.blockwit.kafka.security.examples.CustomAuthenticationCallbackHandler
sasl.enabled.mechanisms=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN

#改成自己需要存储的日志目录

log.dirs=/Users/huangzongjia/Downloads/tmp/kafka/kafka_2.12-2.4.1/log
```





2.config目录下新建

kafka_jaas.conf文件增加如下内容：

```properties
KafkaServer {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret"
        user_admin="admin-secret";
};

Client {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret";
};

KafkaClient {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret";
};

Server {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="password"
   user_admin="admin-secret";
};
```



3.bin目录修改kafka-server-start.sh文件

增加

```properties
export KAFKA_OPTS="-Djava.security.auth.login.config=/usr/local/server/kafka2/kafka_2.13-2.8.1/config/kafka_jaas.conf"
```



4.上传相应的jar(kafka-auth-server-2.6.8-jar-with-dependencies.jar)包实现认证逻辑到kafkalibs目录下



##### zk修改

1.在conf目录新增zookeeper_jaas.conf文件

```properties
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
   username="admin"
   password="admin-secret";
};

Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
   username="admin"
   password="password"
   user_admin="admin-secret";
};
```



2.修改zoo_sample.cfg文件名为zoo.cfg

```properties
##并且修改

dataDir=/usr/local/server/kafka2/apache-zookeeper-3.7.1-bin/data
dataLogDir=/usr/local/server/kafka2/apache-zookeeper-3.7.1-bin/data/logs

##增加

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000
```





3.修改zk启动sh

增加

export "KAFKA_OPTS=-Djava.security.auth.login.config=$ZOOBINDIR$/../conf/zookeeper_jaas.conf"



zkEnv.sh增加



export SERVER_JVMFLAGS="-Djava.security.auth.login.config=${ZOOBINDIR}/../conf/zookeeper_jaas.conf $SERVER_JVMFLAGS"