I. Description
In modern microservice architectures, Kafka is widely used as messaging middleware, and security is a key concern. In this post, we look at how to integrate Kafka into a Spring Boot application using the SCRAM authentication mechanism for secure connections, and how to implement operations such as dynamically creating accounts, ACL permissions and topics, as well as producers and consumers.
You need to prepare a Kafka environment configured with SCRAM authentication, which can be deployed by following the article "Dynamic Authorization Authentication for Kafka Based on SASL/SCRAM".
II. Adding dependencies
Add the spring-kafka dependency to the Spring Boot project:
    <dependency>
        <groupId>org.springframework.kafka</groupId>
        <artifactId>spring-kafka</artifactId>
    </dependency>
III. Configuring Kafka
In the Spring Boot application configuration (YAML), configure the Kafka-related properties, including the server address, authentication information, and so on.
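    spring:
      kafka:
        bootstrap-servers: localhost:9092
        properties:
          security.protocol: SASL_PLAINTEXT
          sasl.mechanism: SCRAM-SHA-256
          sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="your_username" password="your_password";
        consumer:
          group-id: test-consumer-group
          auto-offset-reset: earliest
          properties:
            sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="test" password="test";
        producer:
          key-serializer: org.apache.kafka.common.serialization.StringSerializer
          value-serializer: org.apache.kafka.common.serialization.StringSerializer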
- bootstrap-servers: Kafka's cluster address.
- security.protocol: The communication protocol. SASL_PLAINTEXT enables SASL authentication over a connection that is not encrypted with TLS.
- sasl.mechanism: The specific authentication mechanism used by SASL.
- sasl.jaas.config: The login module class used for authentication, together with the user name and password.
- auto-offset-reset: The offset reset policy. earliest means that a newly joined consumer starts consuming from the beginning.
IV. Dynamic management of resources
4.1. Creating KafkaAdminClient
KafkaAdminClient is used for managing Kafka resources (users, ACLs, topics, etc.). The following is sample code:
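    import org.apache.kafka.clients.admin.KafkaAdminClient;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.kafka.core.KafkaAdmin;

    @Configuration
    public class KafkaConfig {
        @Bean
        public KafkaAdminClient kafkaAdminClient(KafkaAdmin kafkaAdmin) {
            // Reuse the connection and SASL settings that Spring Boot bound to KafkaAdmin
            return (KafkaAdminClient) KafkaAdminClient.create(kafkaAdmin.getConfigurationProperties());
        }
    }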
4.2 Dynamically creating users and setting permissions
The Kafka AdminClient API enables dynamic creation of users and setting of ACL permissions:
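    // These methods live in a service class that holds the kafkaAdminClient bean from 4.1.
    // ResourceType is in org.apache.kafka.common.resource, AclOperation in org.apache.kafka.common.acl.

    /**
     * Create User
     */
    public void createUser(String userName, String password) throws ExecutionException, InterruptedException {
        // Build the SCRAM authentication mechanism information (mechanism and iteration count)
        ScramCredentialInfo info = new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, 8192);
        // User information
        UserScramCredentialAlteration userScramCredentialAdd = new UserScramCredentialUpsertion(userName, info, password);
        AlterUserScramCredentialsResult result = kafkaAdminClient.alterUserScramCredentials(Collections.singletonList(userScramCredentialAdd));
        // Block until the broker has applied the change; throws if it failed
        result.all().get();
    }

    /**
     * Configuring read-only privileges for users
     */
    public void createAcl(String account, String topicName, String consumerGroup) {
        // genAclBinding is a helper that is not shown in this post
        AclBinding aclBindingTopic = genAclBinding(account, ResourceType.TOPIC, topicName, AclOperation.READ);
        AclBinding aclBindingGroup = genAclBinding(account, ResourceType.GROUP, consumerGroup, AclOperation.READ);
        kafkaAdminClient.createAcls(Arrays.asList(aclBindingTopic, aclBindingGroup));
    }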
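The createAcl method above calls a genAclBinding helper that is not shown on this page. The following is an added example, not the author's code, of one way such a helper could look with Kafka's Admin API; the class name ReadOnlyAcls, the grantReadOnly and aclsOf methods, and the sample user alice are assumptions made for illustration.

```java
import java.util.Collection;
import java.util.List;
import java.util.concurrent.ExecutionException;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.common.acl.*;
import org.apache.kafka.common.resource.*;

// Added example: a hypothetical body for genAclBinding plus a grant and an audit call.
public final class ReadOnlyAcls {
    private ReadOnlyAcls() {}

    /** ALLOW one operation for one user on one literally named resource, from any host. */
    static AclBinding genAclBinding(String account, ResourceType type, String name, AclOperation op) {
        if (account == null || account.isBlank() || name == null || name.isBlank()
                || ResourcePattern.WILDCARD_RESOURCE.equals(name)) {
            // A "*" name would widen the grant to every topic or group.
            throw new IllegalArgumentException("account and a concrete resource name are required");
        }
        ResourcePattern resource = new ResourcePattern(type, name, PatternType.LITERAL);
        AccessControlEntry entry =
                new AccessControlEntry("User:" + account, "*", op, AclPermissionType.ALLOW);
        return new AclBinding(resource, entry);
    }

    /** Grants READ on the topic and consumer group; waits so broker-side failures surface. */
    static void grantReadOnly(Admin admin, String account, String topic, String group)
            throws ExecutionException, InterruptedException {
        admin.createAcls(List.of(
                genAclBinding(account, ResourceType.TOPIC, topic, AclOperation.READ),
                genAclBinding(account, ResourceType.GROUP, group, AclOperation.READ))).all().get();
    }

    /** Returns every ACL stored for the user, to confirm nothing beyond READ was granted. */
    static Collection<AclBinding> aclsOf(Admin admin, String account)
            throws ExecutionException, InterruptedException {
        AccessControlEntryFilter who = new AccessControlEntryFilter(
                "User:" + account, null, AclOperation.ANY, AclPermissionType.ANY);
        return admin.describeAcls(new AclBindingFilter(ResourcePatternFilter.ANY, who)).values().get();
    }

    public static void main(String[] args) {
        // Constructed sample values; building bindings needs no broker connection.
        System.out.println(genAclBinding("alice", ResourceType.TOPIC, "test", AclOperation.READ));
        System.out.println(genAclBinding("alice", ResourceType.GROUP, "test-consumer-group", AclOperation.READ));
    }
}
```

The bindings are only enforced when the broker has an authorizer configured; the KafkaAdminClient bean from 4.1 can be passed wherever an Admin is expected.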
4.3. Dynamic creation of topics
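    public void createTopic(String topicName, int partitions, short replicationFactor) throws ExecutionException, InterruptedException {
        NewTopic newTopic = new NewTopic(topicName, partitions, replicationFactor);
        CreateTopicsResult result = kafkaAdminClient.createTopics(Collections.singletonList(newTopic));
        // Block until the topic has been created; throws if creation failed
        result.all().get();
    }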
V. Producer and consumer configurations
5.1 Producer configuration
Configure a Kafka producer for sending messages:
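    import org.springframework.kafka.core.KafkaTemplate;
    import org.springframework.stereotype.Service;

    @Service
    public class KafkaProducer {
        private final KafkaTemplate<String, String> kafkaTemplate;

        public KafkaProducer(KafkaTemplate<String, String> kafkaTemplate) {
            this.kafkaTemplate = kafkaTemplate;
        }

        public void sendMessage(String message) {
            // Send the message to the "test" topic
            kafkaTemplate.send("test", message);
        }
    }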
5.2 Consumer Configuration
Use the @KafkaListener annotation to implement the message-consuming method:
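    import org.springframework.kafka.annotation.KafkaListener;
    import org.springframework.stereotype.Service;

    @Service
    public class KafkaConsumer {
        @KafkaListener(topics = "test", groupId = "test-consumer-group")
        public void consume(String message) {
            System.out.println("Received message: " + message);
        }
    }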
VI. Summary
With the above steps, we have integrated Kafka into our Spring Boot application and used the SCRAM authentication mechanism for secure connections. In a production environment, make sure that user credentials are properly managed and adjust Kafka's security configuration as needed.
Complete sample code download:
/zlt2000/kafka-scram-demo