...

  • Name: sasl.client.callback.handler.class
  • Type: CLASS
  • Doc: A Sasl client callback handler class that implements the org.apache.kafka.common.security.auth.AuthenticateCallbackHandler interface.
  • Default: null (by default, the appropriate internal default callback handlers for the mechanism will be used)

Server callback handler classes (for brokers only)

  • Name: sasl.server.callback.handler.class.map
  • Type: STRING
  • Doc: A map between Sasl mechanisms and Sasl server callback handler classes that implement the AuthenticateCallbackHandler interface. Key and value are separated by a colon and map entries are separated by commas. For example, PLAIN=CustomPlainCallbackHandler,SCRAM-SHA-256=CustomScramCallbackHandler.
  • Default: null (by default, the appropriate internal default callback handlers for each mechanism will be used)

Login class (for clients and brokers)

  • Name: sasl.login.class
  • Type: CLASS
  • Doc: A class that implements the org.apache.kafka.common.security.auth.Login interface.
  • Default: null (by default, the internal class KerberosLogin will be used if Kerberos is enabled on the listener and DefaultLogin otherwise)

Callback Handler

The callback handler interface AuthenticateCallbackHandler will extend the standard javax.security.auth.callback.CallbackHandler interface, enabling the handler to be passed directly to SaslServer/SaslClient implementations. The callback handler configured for a mechanism must include the callbacks as described below:

...

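Sample SASL/PLAIN Callback Handler

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
import org.apache.kafka.common.security.plain.PlainLoginModule;

public class PlainServerCallbackHandler implements AuthenticateCallbackHandler {
    private List<AppConfigurationEntry> jaasConfigEntries;

    @Override
    public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaasConfigEntries) {
        // Keep the JAAS entries of this listener; they hold the user_<name> password options
        this.jaasConfigEntries = jaasConfigEntries;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        String username = null;
        for (Callback callback: callbacks) {
            if (callback instanceof NameCallback)
                username = ((NameCallback) callback).getDefaultName();
            else if (callback instanceof PlainAuthenticateCallback) {
                PlainAuthenticateCallback plainCallback = (PlainAuthenticateCallback) callback;
                boolean authenticated = authenticate(username, plainCallback.password());
                plainCallback.authenticated(authenticated);
            } else
                throw new UnsupportedCallbackException(callback);
        }
    }

    protected boolean authenticate(String username, char[] password) throws IOException {
        if (username == null)
            return false;
        else {
            // Return true if password matches expected password
            String expectedPassword = JaasContext.configEntryOption(jaasConfigEntries, "user_" + username, PlainLoginModule.class.getName());
            // A user with no user_<username> entry is rejected instead of dereferencing null
            return expectedPassword != null && Arrays.equals(password, expectedPassword.toCharArray());
        }
    }

    @Override
    public void close() throws KafkaException {
    }
}
```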
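
The sample above compares against plaintext passwords held in the JAAS configuration. As an added example (not part of the KIP or of Kafka's code base), the handler below implements the same AuthenticateCallbackHandler contract but verifies SASL/PLAIN passwords against salted PBKDF2 hashes and compares in constant time. The class name, the hash_<user> JAAS option layout and the iteration count are assumptions made for this illustration.

```java
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;

// Hypothetical handler (not Kafka's own): checks SASL/PLAIN passwords against salted PBKDF2 hashes.
public class HashedPlainServerCallbackHandler implements AuthenticateCallbackHandler {
    private static final int ITERATIONS = 600_000, KEY_BITS = 256; // assumed parameters
    private Map<String, ?> options; // assumed JAAS option layout: hash_<user>="<b64 salt>:<b64 hash>"
    @Override
    public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaasConfigEntries) {
        options = jaasConfigEntries.isEmpty() ? null : jaasConfigEntries.get(0).getOptions();
    }
    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        String username = null;
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback)
                username = ((NameCallback) callback).getDefaultName();
            else if (callback instanceof PlainAuthenticateCallback) {
                PlainAuthenticateCallback plain = (PlainAuthenticateCallback) callback;
                plain.authenticated(verify(username, plain.password()));
            } else
                throw new UnsupportedCallbackException(callback);
        }
    }
    boolean verify(String username, char[] password) {
        Object stored = (options == null || username == null) ? null : options.get("hash_" + username);
        if (!(stored instanceof String) || password == null) return false; // unknown user: fail closed
        try {
            String[] parts = ((String) stored).split(":", 2);
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(expected, actual); // constant-time comparison
        } catch (Exception e) {
            return false; // malformed entry or unavailable algorithm: fail closed
        }
    }
    @Override public void close() { }
}
```

Unknown users return before any PBKDF2 work is done, so their response time differs from that of a wrong password; deriving against a fixed dummy salt in that branch removes the difference.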

...