Custom callback handler getting unexpected callback types

Mon, 09 Sep 2019 09:24:53 -0700 

Hello.

I’d tried posting this to the user list but had no response, so I’m x-posting 
here (since its probably more appropriate as a dev question).

*Kafka_2.12-2.3.0 is the version I’m running and compiling for.

I’m a bit confused as to some of the behavior of building a custom 
AuthenticateCallbackHandler implementation / extending the 
PlainServerCallbackHandler.  I have the following config:

sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT
listeners=SASL_PLAINTEXT://localhost:9092

Assuming I have my jaas config in place, things largely work as expected.  If I 
try to add:

sasl.client.callback.handler.class=com.my.CustomAuthenticationCallbackHandler
sasl.server.callback.handler.class=com.my.CustomAuthenticationCallbackHandler

I start to get an error because instead of getting a NameCallback and 
PlainAuthenticateCallback I am getting a NameCallback and a PasswordCallback.

I get the same error if I modify my handler classes to:
sasl.client.callback.handler.class=org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler
sasl.server.callback.handler.class=org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler

I feel I’m missing something pretty obvious in my config that’s causing me to 
get an unexpected set of Callbacks passed in.

Full stack trace is at the bottom (when I added debug statements I was seeing 
that it was the PasswordCallback getting passed in not the 
PlainAuthenticateCallback).

I appreciate any suggestions one might have.

Thanks,
David

org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure 
SaslClientAuthenticator
Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed 
to create SaslClient with mechanism PLAIN
Caused by: javax.security.sasl.SaslException: Cannot get userid/password 
[Caused by javax.security.auth.callback.UnsupportedCallbackException]
       at 
java.security.sasl/com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
       at 
java.security.sasl/com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
       at 
java.security.sasl/javax.security.sasl.Sasl.createSaslClient(Sasl.java:397)
       at 
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.lambda$createSaslClient$0(SaslClientAuthenticator.java:182)
       at java.base/java.security.AccessController.doPrivileged(Native Method)
       at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
       at 
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:178)
       at 
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.<init>(SaslClientAuthenticator.java:170)
       at 
org.apache.kafka.common.network.SaslChannelBuilder.buildClientAuthenticator(SaslChannelBuilder.java:254)
       at 
org.apache.kafka.common.network.SaslChannelBuilder.lambda$buildChannel$1(SaslChannelBuilder.java:202)
       at 
org.apache.kafka.common.network.KafkaChannel.<init>(KafkaChannel.java:140)
       at 
org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:210)
       at 
org.apache.kafka.common.network.Selector.buildAndAttachKafkaChannel(Selector.java:336)
       at 
org.apache.kafka.common.network.Selector.registerChannel(Selector.java:327)
       at org.apache.kafka.common.network.Selector.connect(Selector.java:259)
       at 
org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:945)
       at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:288)
       at 
org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:65)
       at 
kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:295)
       at 
kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:249)
       at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:89)
Caused by: javax.security.auth.callback.UnsupportedCallbackException
       at 
com.my.CustomAuthenticationCallbackHandler.handle(CustomAuthenticationCallbackHandler.java:57)
       at 
java.security.sasl/com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
       ... 20 more

Reply via email to