Spring Cloud Stream 消费者启动答案

【问题标题】：Spring Cloud Stream consumer startupSpring Cloud Stream 消费者启动
【发布时间】：2021-12-30 11:08:48
【问题描述】：

我最近将我的 spring cloud stream kafka 消费者应用程序从注释迁移到功能方法，现在它不会因失败而启动

org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:403)\n\t... 33 common frames omitted\nCaused by: 
org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, 
but the Kafka client code does not currently support obtaining a password from the user. not available to garner  authentication information 
from the user
\n\tat org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:172)
\n\tat org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
\n\tat org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73)
\n\tat org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)\n
\tat org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)\n\
t... 40 common frames omitted\nCaused by: javax.security.auth.login.LoginException:

这是配置：

jaas:
  options:
    sauAlias: Vault/Conjur/Secret/service_account
    useKeyTab: false
    krbProvider: com.sun.security.auth.module.Krb5LoginModule
    debug: true
  loginModule: com.usaa.kafka.auth3.krb.SauKrbLoginModuleWrapper
  bootstrapServers: >
    someserver:0000, someserver:0001

是否需要设置一个属性来避免登录提示？

【问题讨论】：

标签： java spring apache-kafka spring-kafka spring-cloud-stream

【解决方案1】：

如果您查看文档，您会看到 Krb5LoginModule 如果使用：

useKeyTab:
    Set this to true if you want the module to get the principal's key from the the keytab.(default value is False) If keytab is not set then the module will locate the keytab from the Kerberos configuration file. If it is not specified in the Kerberos configuration file then it will look for the file {user.home}{file.separator}krb5.keytab.

在您的情况下，我的假设是因为您使用的是useKeyTab = false，所以它试图在默认位置：{user.home}{file.separator}krb5.keytab. 中找到密钥表文件，它可能不存在。

https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html

请参阅此https://andriymz.github.io/kerberos/authentication-using-kerberos/#krb5loginmodule 了解可能的有效/无效配置组合。

您的配置应如下所示：

spring:
 cloud:
  stream:
   kafka:
    binder:
     brokers: localhost:9092  # path to kafka brokers
     autoCreateTopics: false
     jaas:
      loginModule: com.sun.security.auth.module.Krb5LoginModule
      controlFlag: required
      options: 
       useKeyTab: true
       storeKey: true
       keyTab: /your/pathTokeytabFile
       useTicketCache: false
       principal: yourserviceaccount@domain
       renewTicket: true
       serviceName: kafka
     configuration: 
       security:
         protocol: SASL_PLAINTEXT
       sasl: 
         kerberos: 
           service:
             name: kafka
     producerProperties:
       retries: 3
    bindings:
     CONSUMER_ONE:
      destination: TOPIC_1
      contentType: application/json
     CONSUMER_TWO:
      destination: TOPIC_2
      contentType: application/json
     CONSUMER_ERROR:
      destination: ERROR_TOPIC
      contentType: application/json
     PRODUCER_ONE:
      destination: TOPIC_2
      contentType: application/json
     PRODUCER_TWO:
      destination: TOPIC_3
      contentType: application/json
     PRODUCER_ERROR:
      destination: ERROR_TOPIC
      contentType: application/json

【讨论】：

感谢您的输入、链接和上下文！我将检查我的配置并重新部署。如果这些建议能带来成功的创业，我会接受答案。
问题是我有：spring: kafka: jaas: 而不是 spring: cloud: stream: kafka: binder: jaas: