MINOR: Cleanups in JaasUtils (#18522)

Reviewers: Luke Chen <showuon@gmail.com>, Chia-Ping Tsai <chia7712@gmail.com>
Mickael Maison 2025-01-16 14:07:16 +01:00 committed by Mickael Maison
parent cebba1772b
commit 4038edfafe
2 changed files with 28 additions and 3 deletions


@ -27,7 +27,8 @@ public final class JaasUtils {
private static final Logger LOG = LoggerFactory.getLogger(JaasUtils.class);
public static final String JAVA_LOGIN_CONFIG_PARAM = "java.security.auth.login.config";
public static final String DISALLOWED_LOGIN_MODULES_CONFIG = "org.apache.kafka.disallowed.login.modules";
public static final String DISALLOWED_LOGIN_MODULES_DEFAULT = "com.sun.security.auth.module.JndiLoginModule";
public static final String DISALLOWED_LOGIN_MODULES_DEFAULT =
"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule";
public static final String SERVICE_NAME = "serviceName";
public static final String ZK_SASL_CLIENT = "zookeeper.sasl.client";
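Review bot: The widened `DISALLOWED_LOGIN_MODULES_DEFAULT` has no comment saying why these two modules are refused or how the list interacts with the `org.apache.kafka.disallowed.login.modules` system property. Judging by the test section of this commit, setting that property (even to an empty string) replaces the default rather than extending it, so an operator who sets it to block one extra module would re-allow `JndiLoginModule` and `LdapLoginModule` without noticing. I would add a Javadoc on the constant, e.g. `/** Login modules rejected by default because a supplied JAAS config can point them at an arbitrary JNDI/LDAP endpoint; setting DISALLOWED_LOGIN_MODULES_CONFIG replaces this list, so repeat these entries when overriding. */`. Existing configurations that name `LdapLoginModule` will now fail with `IllegalArgumentException`, which deserves a line in the upgrade notes; the class body continues outside this hunk.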


@ -189,6 +189,10 @@ public class JaasContextTest {
String jaasConfigProp1 = "com.sun.security.auth.module.JndiLoginModule required;";
assertThrows(IllegalArgumentException.class, () -> configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp1));
//test LdapLoginModule is not allowed by default
String jaasConfigProp2 = "com.sun.security.auth.module.LdapLoginModule required;";
assertThrows(IllegalArgumentException.class, () -> configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp2));
//test ListenerName Override
writeConfiguration(Arrays.asList(
"KafkaServer { test.LoginModuleDefault required; };",
@ -197,11 +201,19 @@ public class JaasContextTest {
assertThrows(IllegalArgumentException.class, () -> JaasContext.loadServerContext(new ListenerName("plaintext"),
"SOME-MECHANISM", Collections.emptyMap()));
//test ListenerName Override
writeConfiguration(Arrays.asList(
"KafkaServer { test.LoginModuleDefault required; };",
"plaintext.KafkaServer { com.sun.security.auth.module.LdapLoginModule requisite; };"
));
assertThrows(IllegalArgumentException.class, () -> JaasContext.loadServerContext(new ListenerName("plaintext"),
"SOME-MECHANISM", Collections.emptyMap()));
//test org.apache.kafka.disallowed.login.modules system property with multiple modules
System.setProperty(DISALLOWED_LOGIN_MODULES_CONFIG, " com.ibm.security.auth.module.LdapLoginModule , com.ibm.security.auth.module.Krb5LoginModule ");
String jaasConfigProp2 = "com.ibm.security.auth.module.LdapLoginModule required;";
assertThrows(IllegalArgumentException.class, () -> configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp2));
String jaasConfigProp3 = "com.ibm.security.auth.module.LdapLoginModule required;";
assertThrows(IllegalArgumentException.class, () -> configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp3));
//test ListenerName Override
writeConfiguration(Arrays.asList(
@ -216,6 +228,7 @@ public class JaasContextTest {
System.setProperty(DISALLOWED_LOGIN_MODULES_CONFIG, "");
checkConfiguration("com.sun.security.auth.module.JndiLoginModule", LoginModuleControlFlag.REQUIRED, new HashMap<>());
checkConfiguration("com.sun.security.auth.module.LdapLoginModule", LoginModuleControlFlag.REQUIRED, new HashMap<>());
//test ListenerName Override
writeConfiguration(Arrays.asList(
@ -227,6 +240,17 @@ public class JaasContextTest {
assertEquals(1, context.configurationEntries().size());
checkEntry(context.configurationEntries().get(0), "com.sun.security.auth.module.JndiLoginModule",
LoginModuleControlFlag.REQUISITE, Collections.emptyMap());
//test ListenerName Override
writeConfiguration(Arrays.asList(
"KafkaServer { com.sun.security.auth.module.LdapLoginModule required; };",
"plaintext.KafkaServer { com.sun.security.auth.module.LdapLoginModule requisite; };"
));
context = JaasContext.loadServerContext(new ListenerName("plaintext"),
"SOME-MECHANISM", Collections.emptyMap());
assertEquals(1, context.configurationEntries().size());
checkEntry(context.configurationEntries().get(0), "com.sun.security.auth.module.LdapLoginModule",
LoginModuleControlFlag.REQUISITE, Collections.emptyMap());
}
@Test
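Review bot: The "multiple modules" case sets the property to two IBM modules, but the only assertion after it (the renamed `jaasConfigProp3` line) exercises `com.ibm.security.auth.module.LdapLoginModule`, so the second list entry and the trimming of its surrounding whitespace are never checked. Add a check for the second entry, e.g. `String krb5Prop = "com.ibm.security.auth.module.Krb5LoginModule required;";` followed by `assertThrows(IllegalArgumentException.class, () -> configurationEntry(JaasContext.Type.CLIENT, krb5Prop));`. While the property is overridden it would also help to assert whether the default `com.sun.security.auth.module` entries are still rejected, so the replace-versus-extend behaviour of the denylist is pinned by a test. The test method starts outside these hunks and no cleanup of the system property is visible here, so confirm it is restored after the test.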