Andrea Cosentino created CAMEL-22864:
----------------------------------------
Summary: Camel-Kafka: Add KafkaSecurityConfigurer utility class to
simplify Kafka authentication configuration
Key: CAMEL-22864
URL: https://issues.apache.org/jira/browse/CAMEL-22864
Project: Camel
Issue Type: Improvement
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
Fix For: 4.x
Currently, configuring Kafka authentication in Camel requires users to manually
construct JAAS configuration strings, which is error-prone and requires deep
knowledge of Kafka security internals:
// Current approach - verbose and error-prone
from("kafka:myTopic?brokers=localhost:9092"
+ "&securityProtocol=SASL_SSL"
+ "&saslMechanism=SCRAM-SHA-512"
+
"&saslJaasConfig=org.apache.kafka.common.security.scram.ScramLoginModule
required username=\"user\" password=\"pass\";")
Users must know:
- The correct JAAS login module class name for each authentication type
- The exact JAAS configuration syntax
- Which securityProtocol to use with which saslMechanism
- How to properly escape special characters in credentials
This complexity has led to a proliferation of Kamelets in the camel-kamelets
project, where 24 separate Kafka Kamelets exist to cover different
authentication combinations (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, SSL, etc.).
We've been discussing in the past about creating a factory for this purpose. In
particular adding a new KafkaSecurityConfigurer utility class and KafkaAuthType
enum to camel-kafka. This is for tracking purpose. I don't know it makes sense
to introduce this before or after the next 4.18.x LTS
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
