想通过java来进行kafka赋权,下面是code
System.setProperty("java.security.auth.login.config","/etc/kafka/kafka_jaas.conf");
String[] cmdPArm = {"--authorizer-properties","zookeeper.connect=vmw201:2181/kafka","--add","--allow-principal","User:Alice","--operation","Write","--topic","test"};
AclCommand.main(cmdPArm);
虽然向程序中引入了jaas文件,通过该文件告诉程序,所使用的kafka超级用户主体和keytab所在路径,但还是出现了没有权限的问题。
Error while executing ACL command: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /kafka-acl/Topic/test
org.I0Itec.zkclient.exception.ZkException: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /kafka-acl/Topic/test
at org.I0Itec.zkclient.exception.ZkException.create(ZkException.java:68)
at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:995)
at org.I0Itec.zkclient.ZkClient.writeDataReturnStat(ZkClient.java:1138)
at org.I0Itec.zkclient.ZkClient.writeData(ZkClient.java:1133)
at org.I0Itec.zkclient.ZkClient.writeData(ZkClient.java:1101)
at kafka.utils.ZkUtils.updatePersistentPath(ZkUtils.scala:411)
at kafka.security.auth.SimpleAclAuthorizer.addAcls(SimpleAclAuthorizer.scala:173)
at kafka.admin.AclCommand$$anonfun$addAcl$1$$anonfun$apply$3.apply(AclCommand.scala:89)
at kafka.admin.AclCommand$$anonfun$addAcl$1$$anonfun$apply$3.apply(AclCommand.scala:86)
at scala.collection.TraversableLike$WithFilter$$anonfun$foreach$1.apply(TraversableLike.scala:772)
at scala.collection.immutable.Map$Map1.foreach(Map.scala:109)
at scala.collection.TraversableLike$WithFilter.foreach(TraversableLike.scala:771)
at kafka.admin.AclCommand$$anonfun$addAcl$1.apply(AclCommand.scala:86)
at kafka.admin.AclCommand$$anonfun$addAcl$1.apply(AclCommand.scala:80)
at kafka.admin.AclCommand$.withAuthorizer(AclCommand.scala:74)
at kafka.admin.AclCommand$.addAcl(AclCommand.scala:80)
at kafka.admin.AclCommand$.main(AclCommand.scala:48)
at kafka.admin.AclCommand.main(AclCommand.scala)
at kafka.acl.KafkaAcl.main(KafkaAcl.java:13)
Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /kafka-acl/Topic/test
at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.setData(ZooKeeper.java:1270)
at org.I0Itec.zkclient.ZkConnection.writeDataReturnStat(ZkConnection.java:133)
at org.I0Itec.zkclient.ZkClient$13.call(ZkClient.java:1142)
at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:985)
... 17 more
请问你这个AclCommand.main(cmdPArm);是旧版本里的吗,最近版本的客户端是AdminClient.java里有创建acl的,没找到你的这个AclCommand,在服务端倒是有这个类,请问你实现了用java操作创建修改acl了吗
还通过下面这种方式进行kerberos认证,但还是没什么作用:
// Authenticating Kerberos principal System.out.println("Principal Authentication: "); final String user = "cloudera@CLOUDERA.COM"; final String keyPath = "cloudera.keytab"; UserGroupInformation.loginUserFromKeytab(user, keyPath);用命令的方式,环境是否都是正常的?
如果是正常的,则需要关注环境了,是否加载到了运行中的jvm环境中,jdk的安全限制是否也替换了。
就在刚刚,还是原来的方式可以了,太奇怪了。昨天到今天上午一直都不行。真是让人百思不得其解。
你好,UserGroupInformation这个类需要引入的jar包是哪个?
你好,你用的jar包版本是多少?
Exception in thread "main" java.lang.NoClassDefFoundError: joptsimple/OptionSpec at kafka.admin.AclCommand.main(AclCommand.scala) at com.quantdo.riskPlatform.service.TestThreadPool.main(TestThreadPool.java:26) Caused by: java.lang.ClassNotFoundException: joptsimple.OptionSpec at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 2 more你的答案