问题
I am referring to JAAS Login Configuration File. It talks about 2 ways to specify which login configuration file to be used:
- The first approach where we set the
jaas.confthrough VM argjava.security.auth.login.config. - Second through the security properties file is the
java.securityfile located in thelib/securitydirectory of the JRE. In the second approach we can specify multiple files.
Is there a way to specify multiple jaas.conf files using the first approach of setting VM arg java.security.auth.login.config? Or if you have any other suggestion on solving the issue.
Background:
The issue which I am facing is: we have 2 different type of Kafka events (say ABC and XYZ) and their corresponding jaas.conf with diffrent Keytab and principal. When it wants to publish ABC it sets the java.security.auth.login.config property to ABC's jaas.conf and change to XYZ's jaas.conf when we want to publish that.
However the above logic has some issue and it fails with org.springframework.kafka.core.KafkaProducerException: Failed to send; nested exception is org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics for the second event that it tries to publish. An initial look at the cause looks like even for second event it tries to use the jaas.conf of the first one.
Stacktrace:
org.springframework.kafka.core.KafkaProducerException: Failed to send; nested exception is org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [XYZ]
at org.springframework.kafka.core.KafkaTemplate$1.onCompletion(KafkaTemplate.java:341)
at org.apache.kafka.clients.producer.KafkaProducer.doSend(KafkaProducer.java:827)
at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:768)
at org.springframework.kafka.core.DefaultKafkaProducerFactory$CloseSafeProducer.send(DefaultKafkaProducerFactory.java:272)
at org.springframework.kafka.core.KafkaTemplate.doSend(KafkaTemplate.java:327)
at org.springframework.kafka.core.KafkaTemplate.send(KafkaTemplate.java:197)
来源:https://stackoverflow.com/questions/58313628/kafka-topicauthorizationexception-due-to-incorrect-jaas-conf