Hi Giuseppe, That class was replaced in Kafka 2.4, I think, with kafka.security.authorizer.AclAuthorizer.
Cheers, Liam Clarke-Hutchinson On Sat, Nov 13, 2021 at 1:15 AM Giuseppe Ricci Sysman <ri...@sys-man.it> wrote: > Hi, > > > > I'm new on security in Apache Kafka. I have Apache Kafka (v. 2.13-3.0.0) > installed on a remote Ubuntu server. I need to secure the communications > with producer-kafka broker and kafka broker-consumer. > > I try to follow the tutorial on Kafka documentation: > > > > https://kafka.apache.org/documentation/#security_overview > > > > and this tutorial which is more detailed: > > > > > https://medium.com/egen/securing-kafka-cluster-using-sasl-acl-and-ssl-dec15b > 439f9d > <https://medium.com/egen/securing-kafka-cluster-using-sasl-acl-and-ssl-dec15b439f9d> > > > > but when I try to restart kafka server with the commands: > > > > export > > KAFKA_OPTS=-Djava.security.auth.login.config=/home/kafka/Downloads/kafka_2.1 > 3-3.0.0/config/kafka_server_jaas.conf > > ./bin/kafka-server-start.sh ./config/server.properties > > > > I receive the error: > > > > kafka@kafka2:~/Downloads/kafka_2.13-3.0.0$ > <mailto:kafka@kafka2:~/Downloads/kafka_2.13-3.0.0$> sudo > ./bin/kafka-server-start.sh ./config/server.properties > > [2021-11-12 11:45:46,995] INFO Registered kafka:type=kafka.Log4jController > MBean (kafka.utils.Log4jControllerRegistration$) > > [2021-11-12 11:45:47,183] INFO Setting -D > jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated > TLS renegotiation (org.apache.zookeeper.common.X509Util) > > [2021-11-12 11:45:47,192] ERROR Exiting Kafka due to fatal exception > (kafka.Kafka$) > > java.lang.ClassNotFoundException: kafka.security.auth.SimpleAclAuthorizer > > at > > java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoade > r.java:606) > > at > > java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoa > ders.java:168) > > at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) > > at java.base/java.lang.Class.forName0(Native Method) > > at java.base/java.lang.Class.forName(Class.java:468) > > at org.apache.kafka.common.utils.Utils.loadClass(Utils.java:417) > > at org.apache.kafka.common.utils.Utils.newInstance(Utils.java:406) > > at > > kafka.security.authorizer.AuthorizerUtils$.createAuthorizer(AuthorizerUtils. > scala:31) > > at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1583) > > at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1394) > > at kafka.Kafka$.buildServer(Kafka.scala:67) > > at kafka.Kafka$.main(Kafka.scala:87) > > at kafka.Kafka.main(Kafka.scala) > > > > It seems the class SimpleAclAuthorizer is not found. > > Can it be to a wrong configuration? > > > > These are my SSL configs in the file server.properties: > > > > ########### SECURITY using SCRAM-SHA-512 and SSL ################### > > > listeners=PLAINTEXT://localhost:9092,SASL_PLAINTEXT://localhost:9093,SASL_SS > L://localhost:9094 > > > advertised.listeners=PLAINTEXT://localhost:9092,SASL_PLAINTEXT://localhost:9 > 093,SASL_SSL://localhost:9094 > > security.inter.broker.protocol=SASL_SSL > > ssl.endpoint.identification.algorithm= > > ssl.client.auth=required > > sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512 > > sasl.enabled.mechanisms=SCRAM-SHA-512 > > > > # Broker security settings > > > ssl.truststore.location=/home/kafka/Downloads/kafka_2.13-3.0.0/config/trusts > tore/kafka.truststore.jks > > ssl.truststore.password=giuseppe > > > ssl.keystore.location=/home/kafka/Downloads/kafka_2.13-3.0.0/config/keystore > /kafka.keystore.jks > > ssl.keystore.password=giuseppe > > ssl.key.password=giuseppe > > > > # ACLs > > authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer > > super.users=User:admin > > > > #zookeeper SASL > > zookeeper.set.acl=false > > ########### SECURITY using SCRAM-SHA-512 and SSL ################### > > > > Any help is appreciated. > > Thanks. > > > > PhD Giuseppe Ricci > > R&D Senior Software Developer > > Sysman Progetti & Servizi S.r.l. > > > < > https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sys-ma > > n.it%2F&data=02%7C01%7Cdaniele.verardi%40angelcompany.com%7C82656c3d0932496c > > c0d408d86abc2751%7Cc187ee014e4e40c8b342f82c8d699421%7C0%7C0%7C63737670364758 > <https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sys-man.it%2F&data=02%7C01%7Cdaniele.verardi%40angelcompany.com%7C82656c3d0932496cc0d408d86abc2751%7Cc187ee014e4e40c8b342f82c8d699421%7C0%7C0%7C63737670364758> > 9425&sdata=A1KwJWF8PrbDASmFQ92NPgMtQV2c0ciHWfYqt4PujQM%3D&reserved=0> > http://www.sys-man.it > > > > e-mail: <mailto:ri...@sys-man.it> ri...@sys-man.it > > > > > > -- > Questa email รจ stata esaminata alla ricerca di virus da AVG. > http://www.avg.com >
