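I'm a beginner who has just started with Kafka ACL authorization. Could someone help me see what I'm doing wrong and why the ACL has no effect? It doesn't work on either my company machine or my local one. Kafka version 2.11-0.10.0.1, ZooKeeper version 3.4.9.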
[root@xxxxx] /usr/local/kafka$ bin/kafka-acls.sh --authorizer-properties zookeeper.connect=xxxxx:2181/kafka --add --deny-principal User:kafka --deny-host * --operation Write --topic acl-test-4
Adding ACLs for resource Topic:acl-test-4
:
User:kafka has Deny permission for operations: Write from hosts: bin
Current ACLs for resource Topic:acl-test-4
:
User:kafka has Deny permission for operations: Write from hosts: bin
User:kafka has Deny permission for operations: Read from hosts: bin
[root@xxxxx] /usr/local/kafka$ bin/kafka-console-producer.sh --broker-list xxxxx:9092 --topic acl-test-4 --producer.config config/producer.properties
sfs
[2017-07-17 17:51:35,208] WARN Error while fetching metadata with correlation id 0 : {acl-test-4=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient)
dfdf
ss
[root@xxxxx] /usr/local/kafka$ bin/kafka-console-consumer.sh --bootstrap-server xxxxx:9092 --from-beginning --consumer.config config/consumer.properties --topic acl-test-4 --new-consumer
sfs
dfdf
ss
I have already added SASL using SASL_PLAINTEXT; kafka_client_jaas.conf is set to
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka"
password="kafka"
user_kafka="kafka";
};
Add this to server.properties:
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
That did the trick, thank you very much.
By the way, what approaches are there for implementing topic-level security?
https://www.orchome.com/185
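
An added example (not part of the original posts): a shell check for the two things visible in this thread, whether server.properties sets authorizer.class.name, and whether a listed ACL carries a host that is neither `*` nor an IP address, as with `hosts: bin` above, which is consistent with the shell expanding an unquoted `*` to the file names in the current directory. The function names are hypothetical, the sample inputs are constructed, and only IPv4 addresses are recognised.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample data is constructed.

# Return 0 if the given server.properties sets authorizer.class.name
# (commented-out lines do not count), 1 otherwise.
authorizer_enabled() {
  grep -Eq '^[[:space:]]*authorizer\.class\.name[[:space:]]*=[[:space:]]*[^[:space:]]+' "$1"
}

# Read `kafka-acls.sh --list` style output on stdin and print every ACL line
# whose host is neither the wildcard "*" nor an IPv4 address (assumption:
# IPv4 only). SimpleAclAuthorizer compares the ACL host with the client's IP
# address, so a value such as "bin" can never match a connection.
suspicious_acl_hosts() {
  awk '/ from hosts: / {
         host = $NF
         if (host != "*" && host !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print
       }'
}

# Constructed samples: a config without an authorizer, and ACL output shaped
# like the session in the question.
demo() {
  local props
  props=$(mktemp)
  printf 'listeners=SASL_PLAINTEXT://:9092\n' > "$props"
  authorizer_enabled "$props" ||
    echo "authorizer.class.name not set: ACLs are stored but not enforced"
  printf '%s\n' \
    'User:kafka has Deny permission for operations: Write from hosts: bin' \
    'User:kafka has Deny permission for operations: Read from hosts: *' |
    suspicious_acl_hosts
  rm -f "$props"
}
demo
```

When adding ACLs, quoting the wildcard (`--deny-host '*'`) keeps the shell from expanding it before kafka-acls.sh sees it.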