I have enabled the SASL_SSL configuration and tested it with clients that produce and consume data.
Server properties
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
sasl.enabled.mechanisms=OAUTHBEARER
listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
ssl.keystore.location=c:/kafka/config/kafka.server.keystore.jks
ssl.keystore.password=test1234
ssl.key.password=test1234
ssl.truststore.location=c:/kafka/config/kafka.server.truststore.jks
ssl.truststore.password=test1234
ssl.client.auth=required
Consumer properties
sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
unsecuredLoginStringClaim_sub="alice";
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
Producer properties
sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
unsecuredLoginStringClaim_sub="alice";
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
unsecuredLoginStringClaim_sub="admin";
};
How do I specify the endpoint for generating a new token?
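
Added example, not part of the original question and not Kafka's own code: the `unsecuredLoginStringClaim_sub` option in the JAAS entries above makes Kafka's default OAUTHBEARER login module create an unsecured JWT locally (`alg` of `none`, empty signature) instead of fetching one from a token endpoint. The Python check below decodes a bearer token and flags that shape; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(part):
    # JWTs drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def sample_token(header, claims, signature=""):
    """Build a constructed compact-JWS string for testing the check below."""
    enc = [_b64url(json.dumps(obj).encode()) for obj in (header, claims)]
    return ".".join(enc + [signature])


def inspect_bearer_token(token, now=None):
    """Decode a compact JWS without verifying it and list structural red flags."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    findings = []
    if str(header.get("alg", "")).lower() == "none":
        findings.append("alg=none")
    if not parts[2]:
        findings.append("empty signature")
    exp = claims.get("exp")
    if exp is None:
        findings.append("no exp claim")
    elif exp <= now:
        findings.append("expired")
    return {"alg": header.get("alg"), "sub": claims.get("sub"), "findings": findings}


if __name__ == "__main__":
    # Constructed sample shaped like an unsecured token for sub="alice".
    iat = 1700000000
    tok = sample_token({"alg": "none"}, {"sub": "alice", "iat": iat, "exp": iat + 3600})
    print(tok)
    print(inspect_bearer_token(tok, now=iat + 60))
```

An empty findings list only means the token has the structure of a signed, unexpired JWT; the signature itself is not verified here.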