How to use kafka client in Jboss with JAAS?

Comments

I use kafka client in tomcat with JAAS ，everything is ok.
But when I use kafka client in Jboss eap，I meet some problems. My Kafka client version is 0.10.0.0, Jboss eap version is 6.2.4.

1.I config security-domain in jboss standalone.xml file as following，it works.

security-domain name="KafkaClient" cache-type="default"
authentication
login-module code="org.apache.kafka.common.security.plain.PlainLoginModule" flag="required"
module-option name="username" value="XXX"/
module-option name="password" value="XXX"/
/login-module
/authentication
/security-domain

2.But I want Jboss read JAAS configuration from file system,instead of configure standalone.xml directly.

So I add the property to standalone.xml:
property name="jboss.security.disable.secdomain.option" value="true"

And add the following property for specify JAAS file path:
-Djava.security.auth.login.config=D:\kafkaShareTest_jaas.conf

When I try to use kafka client produce messages, I am getting below exception:

14:56:33,922 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/JbossKafkaClient].[spring]] (http-localhost/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet spring threw exception: javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.
at org.apache.kafka.common.security.authenticator.AbstractLogin$LoginCallbackHandler.handle(AbstractLogin.java:97) [kafka-clients-0.10.0.0.jar:]
at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:939) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:936) [rt.jar:1.8.0_31]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:936) [rt.jar:1.8.0_31]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.getUsernameAndPassword(UsernamePasswordLoginModule.java:346) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:223) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_31]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_31]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_31]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_31]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_31]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:69) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.security.authenticator.LoginManager.(LoginManager.java:46) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:277) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:188) [kafka-clients-0.10.0.0.jar:]
at com.mycomp.controller.JbossKafka.getDefaultProducer(JbossKafka.java:70) [classes:]
at com.mycomp.controller.ProducerController.defaultProducerWithInstanceName(ProducerController.java:76) [classes:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_31]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_31]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_31]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_31]
at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) [spring-web-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) [spring-web-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.4.Final-redhat-1.jar:7.3.4.Final-redhat-1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]

Therefore I add jboss-deployment-structure.xml to my project,and disable jboss security subsystem.But I have another exception:

14:57:31,025 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/JbossKafkaClient].[spring]] (http-localhost/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet spring threw exception: javax.security.auth.login.LoginException: Can not find LoginModule class: org.jboss.as.security.remoting.RemotingLoginModule from [Module "deployment.JbossKafkaClient.war:main" from Service Module Loader]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:794) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_31]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_31]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_31]
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:69) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.security.authenticator.LoginManager.(LoginManager.java:46) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:277) [kafka-clients-0.10.0.0.jar:]
at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:188) [kafka-clients-0.10.0.0.jar:]
at com.mycomp.controller.JbossKafka.getDefaultProducer(JbossKafka.java:70) [classes:]
at com.mycomp.controller.ProducerController.defaultProducerWithInstanceName(ProducerController.java:76) [classes:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_31]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_31]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_31]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_31]
at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) [spring-web-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) [spring-web-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829) [spring-webmvc-3.2.9.RELEASE.jar:3.2.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.4.Final-redhat-1.jar:7.3.4.Final-redhat-1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.3.2.Final-redhat-1.jar:7.3.2.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]

I think the reason is: jboss use its security subsystem,and load the org.jboss.as.security.remoting.RemotingLoginModule class when it startup ,instead of
org.apache.kafka.common.security.plain.PlainLoginModule.
Kafka client use PlainLoginModule for Authentication and Authorization, which extend java native javax.security.auth.spi.LoginModule.

My question is : How to make jboss eap read JAAS configuration from file system when I use kafka client with JAAS?

��

Started 2017-01-23T09:03:19+00:00 by

志强张

Community Member 31 points

Select Your Language

How to use kafka client in Jboss with JAAS?

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links