This is an automated email from the ASF dual-hosted git repository. mimaison pushed a commit to branch 4.0 in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/4.0 by this push: new d5ff490dab6 KAFKA-18520: Remove ZooKeeper logic from JaasUtils (#18530) d5ff490dab6 is described below commit d5ff490dab6b0683f16730afcaafa642396741f1 Author: Mickael Maison <mimai...@users.noreply.github.com> AuthorDate: Wed Jan 15 13:17:06 2025 +0100 KAFKA-18520: Remove ZooKeeper logic from JaasUtils (#18530) Reviewers: Chia-Ping Tsai <chia7...@gmail.com>
---
 .../apache/kafka/common/security/JaasUtils.java | 55 ----------------------
 1 file changed, 55 deletions(-)
diff --git a/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java b/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
index 742319c4f49..800283e56e2 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
@@ -16,67 +16,12 @@
 */
 package org.apache.kafka.common.security;
 
-import org.apache.kafka.common.KafkaException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.security.auth.login.Configuration;
-
 public final class JaasUtils {
- private static final Logger LOG = LoggerFactory.getLogger(JaasUtils.class);
 public static final String JAVA_LOGIN_CONFIG_PARAM = "java.security.auth.login.config";
 public static final String DISALLOWED_LOGIN_MODULES_CONFIG = "org.apache.kafka.disallowed.login.modules";
 public static final String DISALLOWED_LOGIN_MODULES_DEFAULT = "com.sun.security.auth.module.JndiLoginModule";
 public static final String SERVICE_NAME = "serviceName";
 
- public static final String ZK_SASL_CLIENT = "zookeeper.sasl.client";
- public static final String ZK_LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.clientconfig";
-
- private static final String DEFAULT_ZK_LOGIN_CONTEXT_NAME = "Client";
- private static final String DEFAULT_ZK_SASL_CLIENT = "true";
-
 private JaasUtils() {}
 
- public static String zkSecuritySysConfigString() {
- String loginConfig = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);
- String clientEnabled = System.getProperty(ZK_SASL_CLIENT, "default:" + DEFAULT_ZK_SASL_CLIENT);
- String contextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "default:" + DEFAULT_ZK_LOGIN_CONTEXT_NAME);
- return "[" +
- JAVA_LOGIN_CONFIG_PARAM + "=" + loginConfig +
- ", " +
- ZK_SASL_CLIENT + "=" + clientEnabled +
- ", " +
- ZK_LOGIN_CONTEXT_NAME_KEY + "=" + contextName +
- "]";
- }
-
- public static boolean isZkSaslEnabled() {
- // Technically a client must also check if TLS mutual authentication has been configured,
- // but we will leave that up to the client code to determine since direct connectivity to ZooKeeper
- // has been deprecated in many clients and we don't wish to re-introduce a ZooKeeper jar dependency here.
- boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, DEFAULT_ZK_SASL_CLIENT));
- String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, DEFAULT_ZK_LOGIN_CONTEXT_NAME);
-
- LOG.debug("Checking login config for Zookeeper JAAS context {}", zkSecuritySysConfigString());
-
- boolean foundLoginConfigEntry;
- try {
- Configuration loginConf = Configuration.getConfiguration();
- foundLoginConfigEntry = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
- } catch (Exception e) {
- throw new KafkaException("Exception while loading Zookeeper JAAS login context " +
- zkSecuritySysConfigString(), e);
- }
-
- if (foundLoginConfigEntry && !zkSaslEnabled) {
- LOG.error("JAAS configuration is present, but system property " +
- ZK_SASL_CLIENT + " is set to false, which disables " +
- "SASL in the ZooKeeper client");
- throw new KafkaException("Exception while determining if ZooKeeper is secure " +
- zkSecuritySysConfigString());
- }
-
- return foundLoginConfigEntry;
- }
 }