Location>code7788 >text

Spring Boot based on SCRAM authentication integration Kafka details

Popularity:372 ℃/2024-08-05 11:09:32

I. Description

In modern microservice architectures, theKafka is widely used as a messaging middleware, and security is a key factor in that. In this post, we will look at how theSpring Boot Integration in applicationsKafka usingSCRAM Authentication mechanisms for secure connections; and implement operations such as dynamic account creation, ACL permissions, Topics, and producers and consumers.

You need to prepare a Kafka environment configured with SCRAM authentication, which can be found in theDynamic Authorization Authentication for Kafka Based on SASL/SCRAMDeployment.

 

II. Adding dependencies

existSpring Boot project-based Addspring-kafka dependencies

<dependency>
    <groupId></groupId>
    <artifactId>spring-kafka</artifactId>
</dependency>

 

Configuring Kafka

exist Configure Kafka-related properties, including server address, authentication information, and so on.

spring:  
  kafka:  
    bootstrap-servers: localhost:9092  
    properties:  
      : SASL_PLAINTEXT  
      : SCRAM-SHA-256 
      :  required username="your_username" password="your_password";
    consumer:
      group-id: test-consumer-group
      auto-offset-reset: earliest
      properties:
        :  required username="test" password="test";
    producer:
      key-serializer: 
      value-serializer: 
  • bootstrap-servers Kafka's cluster address
  • The communication protocol specifies that SASL is enabled.
  • Specify the specific authentication mechanism used by SASL
  • Specify the processing class for the authentication module and theuser ID cap (a poem)cryptographic
  • auto-offset-reset logic that specifies the offset.earliest Represents new entrants to the consumer are spending from scratch

 

IV. Dynamic management of resources

4.1. Creating KafkaAdminClient

KafkaAdminClient for managing Kafka resources (users, ACLs, topics, etc.). The following is sample code:

@Configuration
public class KafkaConfig {
    @Bean
    public KafkaAdminClient kafkaAdminClient(KafkaAdmin kafkaAdmin) {
        return (KafkaAdminClient) (());
    }
}

 

4.2 Dynamically creating users and setting permissions

utilizationKafka AdminClient API Enables dynamic creation of users and setting of ACL permissions:

/**
 * Create User
 */
public void createUser(String userName, String password) throws ExecutionException, InterruptedException {
    // tectonic (geology)ScramInformation on authentication mechanisms
    ScramCredentialInfo info = new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, 8192);
    //user information
    UserScramCredentialAlteration userScramCredentialAdd = new UserScramCredentialUpsertion(userName, info, password);
    AlterUserScramCredentialsResult result = ((userScramCredentialAdd));
    ().get();
}

/**
 * Configuring read-only privileges for users
 */
public void createAcl(String account, String topicName, String consumerGroup) {
    AclBinding aclBindingTopic = genAclBinding(account, , topicName, );
    AclBinding aclBindingGroup = genAclBinding(account, , consumerGroup, );
    ((aclBindingTopic, aclBindingGroup));
}

 

4.3. Dynamic creation of topics

public void createTopic(String topicName, int partitions, short replicationFactor) throws ExecutionException, InterruptedException {
    NewTopic newTopic = new NewTopic(topicName, partitions, replicationFactor);
    CreateTopicsResult result = ((newTopic));
    ().get();
}

 

V. Producer and consumer configurations

5.1 Producer configuration

Configure a Kafka producer for sending messages:

@Service
public class KafkaProducer {
    private final KafkaTemplate<String, String> kafkaTemplate;

    public KafkaProducer(KafkaTemplate<String, String> kafkaTemplate) {
         = kafkaTemplate;
    }

    public void sendMessage(String message) {
        ("test", message);
    }
}

 

5.2 Consumer Configuration

utilization@KafkaListener annotation implements the consume message method:

@Service
public class KafkaConsumer {
    @KafkaListener(topics = "test", groupId = "test-consumer-group")
    public void consume(String message) {
        ("Received message: " + message);
    }
}

 

VI. Summary

With the above steps, we successfully integrated Kafka in our Spring Boot application and used the SCRAM authentication mechanism for secure connections; ensuring that user credentials are properly managed in the production environment and adjusting Kafka's security configuration as needed.

Complete sample code download:
/zlt2000/kafka-scram-demo