Reference: https://www.cnblogs.com/huxi2b/p/10437844.html
http://kafka.apache.org/documentation/#security_authz_examples
Kafka version: 2.3.0
Create the users:
kafka-configs.bat --zookeeper localhost:2181/kafka-scram --alter --add-config SCRAM-SHA-256=[iterations=8192,password=writer-pwd],SCRAM-SHA-512=[password=writer-pwd] --entity-type users --entity-name writer
kafka-configs.bat --zookeeper localhost:2181/kafka-scram --alter --add-config SCRAM-SHA-256=[password=reader-pwd],SCRAM-SHA-512=[password=reader-pwd] --entity-type users --entity-name reader
kafka-configs.bat --zookeeper localhost:2181/kafka-scram --alter --add-config SCRAM-SHA-256=[password=admin],SCRAM-SHA-512=[password=admin] --entity-type users --entity-name admin
Check a user:
kafka-configs.bat --zookeeper localhost:2181/kafka-scram --describe --entity-type users --entity-name writer
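What the --describe command above prints for a user is not the password but a derived SCRAM credential of the form salt=...,stored_key=...,server_key=...,iterations=.... The following Python sketch is an added example, not code from Kafka or from the referenced post; it derives those fields as RFC 5802 defines them and checks a candidate password against a stored credential. The function names are hypothetical and only ASCII passwords are assumed (no SASLprep normalization).

```python
import base64
import hashlib
import hmac
import os

# Mechanism name -> hashlib algorithm name
HASHES = {"SCRAM-SHA-256": "sha256", "SCRAM-SHA-512": "sha512"}


def _stored_key(algo, password, salt, iterations):
    """RFC 5802: StoredKey = H(HMAC(Hi(password, salt, i), "Client Key"))."""
    salted = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", algo).digest()
    return salted, hashlib.new(algo, client_key).digest()


def make_credential(mechanism, password, iterations=4096, salt=None):
    """Build the credential string; 4096 is Kafka's default when iterations is omitted."""
    algo = HASHES[mechanism]
    salt = salt if salt is not None else os.urandom(16)
    salted, stored_key = _stored_key(algo, password, salt, iterations)
    server_key = hmac.new(salted, b"Server Key", algo).digest()
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return "salt=%s,stored_key=%s,server_key=%s,iterations=%d" % (
        b64(salt), b64(stored_key), b64(server_key), iterations)


def parse_credential(text):
    """Split a credential string into raw salt, stored_key, server_key and iterations."""
    fields = dict(item.split("=", 1) for item in text.split(","))
    return {"salt": base64.b64decode(fields["salt"]),
            "stored_key": base64.b64decode(fields["stored_key"]),
            "server_key": base64.b64decode(fields["server_key"]),
            "iterations": int(fields["iterations"])}


def password_matches(mechanism, credential, candidate):
    """True if candidate re-derives the stored_key held in the credential."""
    cred = parse_credential(credential)
    _, derived = _stored_key(HASHES[mechanism], candidate, cred["salt"], cred["iterations"])
    return hmac.compare_digest(derived, cred["stored_key"])


if __name__ == "__main__":
    # Constructed sample: the writer user from this page, with a fresh random salt.
    cred = make_credential("SCRAM-SHA-256", "writer-pwd", iterations=8192)
    print("SCRAM-SHA-256=" + cred)
    print(password_matches("SCRAM-SHA-256", cred, "writer-pwd"))   # correct password
    print(password_matches("SCRAM-SHA-256", cred, "reader-pwd"))   # wrong password
```

Because anyone who can read these values from ZooKeeper can test password guesses offline, keep the /kafka-scram path readable only by the brokers and use long random passwords rather than guessable ones.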
Broker configuration:
# enable ACLs
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
# in this example, admin is the super user
super.users=User:admin
# enable the SCRAM mechanism, using the SCRAM-SHA-512 algorithm
sasl.enabled.mechanisms=SCRAM-SHA-512
# use SCRAM for inter-broker communication, with the SCRAM-SHA-512 algorithm
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
# inter-broker communication uses PLAINTEXT; this example does not demonstrate SSL configuration
security.inter.broker.protocol=SASL_PLAINTEXT
# configure listeners to use SASL_PLAINTEXT
listeners=SASL_PLAINTEXT://172.21.0.9:9092
# configure advertised.listeners
advertised.listeners=SASL_PLAINTEXT://172.21.0.9:9092
Create the topic:
kafka-topics.bat --create --zookeeper localhost:2181/kafka-scram --topic test --partitions 1 --replication-factor 1
Grant the user write permission:
kafka-acls.bat --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181/kafka-scram --add --allow-principal User:writer --operation Write --topic test
Contents of producer.conf:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="writer" password="writer-pwd";
Send messages:
kafka-console-producer.bat --broker-list localhost:9092 --topic test --producer.config producer.conf
Grant the user read permission:
kafka-acls.bat --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181/kafka-scram --add --allow-principal User:reader --operation Read --topic test
kafka-acls.bat --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181/kafka-scram --add --allow-principal User:reader --operation Read --group test-group
Contents of consumer.conf:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="reader" password="reader-pwd";
Consume messages:
kafka-console-consumer.bat --bootstrap-server localhost:9092 --topic test --from-beginning --consumer.config consumer.conf --group test-group
Consume from Kafka without specifying user credentials:
kafka-console-consumer.bat --bootstrap-server localhost:9092 --topic test --from-beginning --group zhang-group
Create a new user without assigning any permissions:
kafka-configs.bat --zookeeper localhost:2181/kafka-scram --alter --add-config SCRAM-SHA-256=[iterations=8192,password=zhang-pwd],SCRAM-SHA-512=[password=zhang-pwd] --entity-type users --entity-name zhang
In server.properties, set allow.everyone.if.no.acl.found=true and restart the broker.
No ACL permissions are configured, yet messages can be pulled:
kafka-console-consumer.bat --bootstrap-server localhost:9092 --topic test --from-beginning --consumer.config zhang.conf