MINOR: add docs for "org.apache.kafka.sasl.oauthbearer.allowed.urls" (#18938)

add docs for "org.apache.kafka.sasl.oauthbearer.allowed.urls"

Reviewers: Chia-Ping Tsai <chia7712@gmail.com>, Manikumar Reddy <manikumar.reddy@gmail.com>
Luke Chen 2025-02-18 17:47:43 +09:00
parent e0580b1ea4
commit 10c849f55d
2 changed files with 15 additions and 0 deletions


@ -255,6 +255,16 @@
Kafka supports some configuration that can be enabled through Java system properties. System properties are usually set by passing the -D flag to the Java virtual machine in which Kafka components are running.
Below are the supported system properties.
<ul class="config-list">
<li>
<h4><a id="org.apache.kafka.sasl.oauthbearer.allowed.urls"></a><a id="systemproperties_org.apache.kafka.sasl.oauthbearer.allowed.urls" href="#systemproperties_org.apache.kafka.sasl.oauthbearer.allowed.urls">org.apache.kafka.sasl.oauthbearer.allowed.urls</a></h4>
<p>This system property is used to set the allowed URLs as SASL OAUTHBEARER token or jwks endpoints. This property accepts comma-separated list of URLs. By default the value is an empty list.
<p>If users want to enable some URLs, users need to explicitly set the system property like below.
<p><pre><code class="language-bash">-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls=https://www.example.com,file:///tmp/token</code></pre>
<table><tbody>
<tr><th>Since:</th><td>4.0.0</td></tr>
<tr><th>Default Value:</th><td></td></tr>
</tbody></table>
</li>
<li>
<h4><a id="org.apache.kafka.disallowed.login.modules"></a><a id="systemproperties_org.apache.kafka.disallowed.login.modules" href="#systemproperties_org.apache.kafka.disallowed.login.modules">org.apache.kafka.disallowed.login.modules</a></h4>
<p>This system property is used to disable the problematic login modules usage in SASL JAAS configuration. This property accepts comma-separated list of loginModule names. By default <b>com.sun.security.auth.module.JndiLoginModule</b> loginModule is disabled.
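Review bot: the added description says "By default the value is an empty list" but never states what an empty list means in practice, that is, whether it permits every URL or none, and what a user sees when a configured token or jwks endpoint is not on the list. Please state that outcome explicitly, and name the configuration keys whose values are checked against the list, since "token or jwks endpoints" leaves the reader guessing. The "Default Value:" cell is also empty, so the table should say "empty list" or similar. Smaller points in the same added lines: the three <p> elements are never closed and the <pre> is nested inside a <p>; "accepts comma-separated list" needs "a"; and the example value file:///tmp/token points readers at a shared temporary directory for a token file, so a path under a restricted directory would be a better thing to show in security documentation.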


@ -22,6 +22,11 @@
<h4><a id="upgrade_4_0_0" href="#upgrade_4_0_0">Upgrading to 4.0.0 from any version 0.8.x through 3.9.x</a></h4>
<h5><a id="upgrade_400_notable" href="#upgrade_400_notable">Notable changes in 4.0.0</a></h5>
<ul>
<li>
Since Apache Kafka 4.0.0, we have added a system property ("org.apache.kafka.sasl.oauthbearer.allowed.urls") to
set the allowed URLs as SASL OAUTHBEARER token or jwks endpoints. By default the value is an empty list.
Users should explicitly set the allowed list if necessary.
</li>
<li>
Old protocol API versions have been removed. Users should ensure brokers are version 2.1 or higher before upgrading the Java clients
(including Connect and Kafka Streams which use the clients internally) to 4.0.
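Review bot: the new upgrade item ends with "Users should explicitly set the allowed list if necessary", which does not tell an upgrading user whether they are affected or what to do. Suggest saying who needs to act (deployments that configure a SASL OAUTHBEARER token or jwks endpoint URL), that the property is a Java system property passed with -D, and linking to the anchor added in the other file of this commit (#systemproperties_org.apache.kafka.sasl.oauthbearer.allowed.urls) so the example value is one click away. Since the default is an empty list, the item should also state plainly what happens to an existing configuration after the upgrade if the property is left unset.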