[jira] [Commented] (CAMEL-22864) Camel-Kafka: Add KafkaSecurityConfigurer utility class to simplify Kafka authentication configuration

Fri, 16 Jan 2026 05:30:09 -0800 


    [ 
https://issues.apache.org/jira/browse/CAMEL-22864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18052395#comment-18052395
 ] 

Claus Ibsen commented on CAMEL-22864:
-------------------------------------

its okay to add factory for 4.18 but keep existing as-is. Then over the next 
many years then the factory can be improved to cover all these security 
settings.

And the old options can still be there as there will be alof of camel kafka 
users that dont want to change "what works". and these options are also 
reflecting how you configure this directly in kafka. (yeah its ugly in kafka).

 

> Camel-Kafka: Add KafkaSecurityConfigurer utility class to simplify Kafka 
> authentication configuration
> -----------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-22864
>                 URL: https://issues.apache.org/jira/browse/CAMEL-22864
>             Project: Camel
>          Issue Type: Improvement
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.x
>
>
> Currently, configuring Kafka authentication in Camel requires users to 
> manually construct JAAS configuration strings, which is error-prone and 
> requires deep knowledge of Kafka security internals:
>   // Current approach - verbose and error-prone
>   from("kafka:myTopic?brokers=localhost:9092"
>       + "&securityProtocol=SASL_SSL"
>       + "&saslMechanism=SCRAM-SHA-512"
>       + 
> "&saslJaasConfig=org.apache.kafka.common.security.scram.ScramLoginModule 
> required username=\"user\" password=\"pass\";")
> Users must know:
>   - The correct JAAS login module class name for each authentication type
>   - The exact JAAS configuration syntax
>   - Which securityProtocol to use with which saslMechanism
>   - How to properly escape special characters in credentials
> This complexity has led to a proliferation of Kamelets in the camel-kamelets 
> project, where 24 separate Kafka Kamelets exist to cover different 
> authentication combinations (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, SSL, etc.).
> We've been discussing in the past about creating a factory for this purpose. 
> In particular adding a new KafkaSecurityConfigurer utility class and 
> KafkaAuthType enum to camel-kafka. This is for tracking purpose. I don't know 
> it makes sense to introduce this before or after the next 4.18.x LTS



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to