THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Name:
sasl.client.callback.handler.class
- Type:
CLASS
- Doc: A Sasl client callback handler class that implements the
interface.org.apache.kafka.common.security.auth.
AuthenticateCallbackHandler - Default: null (by default, the appropriate internal default callback handlers for the mechanism will be used)
Server callback handler classes (for brokers only)
- Name:
sasl.server.callback.handler.class.map
- Type:
STRING
- Doc: A map between Sasl mechanisms and Sasl server callback handler classes that implement the
AuthenticateCallbackHandler
interface. Key and value are separated by a colon and map entries are separated by commas. For example, PLAIN=CustomPlainCallbackHandler,SCRAM-SHA-256=CustomScramCallbackHandler. - Default: null (by default, the appropriate internal default callback handlers for each mechanism will be used)
Login class (for clients and brokers)
- Name:
sasl.login.class
- Type:
CLASS
- Doc: A class that implements the
org.apache.kafka.common.security.auth.Login
interface. - Default: null (by default, the internal class
KerberosLogin
will be used if Kerberos is enabled on the listener andDefaultLogin
otherwise)
Callback Handler
The callback handler interface AuthenticateCallbackHandler
will extend the standard javax.security.auth.callback.CallbackHandler
interface, enabling the handler to be passed directly to SaslServer/SaslClient
implementations. The callback handler configured for a mechanism must include the callbacks as described below:
...
Code Block | ||||
---|---|---|---|---|
| ||||
public class PlainServerCallbackHandler implements AuthenticateCallbackHandler { private List<AppConfigurationEntry> jaasConfigEntries; @Override public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaasConfigEntries) { this.jaasConfigEntries = jaasConfigEntries; } @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { String username = null; for (Callback callback: callbacks) { if (callback instanceof NameCallback) username = ((NameCallback) callback).getDefaultName(); else if (callback instanceof PlainAuthenticateCallback) { PlainAuthenticateCallback plainCallback = (PlainAuthenticateCallback) callback; boolean authenticated = authenticate(username, plainCallback.password()); plainCallback.authenticated(authenticated); } else throw new UnsupportedCallbackException(callback); } } protected boolean authenticate(String username, char[] password) throws IOException { if (username == null) return false; else { String// expectedPasswordReturn = JaasContext.configEntryOption(jaasConfigEntries, "user_" + username, PlainLoginModule.class.getName()); return Arrays.equals(password, expectedPassword.toCharArray());true if password matches expected password } } @Override public void close() throws KafkaException { } } |
...