chia7712 commented on code in PR #18683:
URL: https://github.com/apache/kafka/pull/18683#discussion_r1934364823


##########
clients/src/test/java/org/apache/kafka/common/security/authenticator/ClientAuthenticationFailureTest.java:
##########
@@ -75,6 +76,7 @@ public void setup() throws Exception {
         TestJaasConfig testJaasConfig = 
TestJaasConfig.createConfiguration("PLAIN", Collections.singletonList("PLAIN"));
         testJaasConfig.setClientOptions("PLAIN", TestJaasConfig.USERNAME, 
"anotherpassword");
         server = createEchoServer(securityProtocol);
+        JaasUtils.allowDefaultJaasAndCustomJass();
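Review bot: The added `JaasUtils.allowDefaultJaasAndCustomJass()` call at the end of `setup()` sets a JVM-wide system property, and nothing in the visible hunk restores it, so the widened allowlist outlives this test and can mask allowlist failures in tests that run later in the same JVM. Clear it in the test's teardown, for example `System.clearProperty(JaasUtils.ALLOWED_LOGIN_MODULES_CONFIG);`. The same applies to the identical call added to `setup()` in SaslAuthenticatorFailureDelayTest. `setup()` starts and ends outside the hunk, so an existing teardown may already handle this; please confirm.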

Review Comment:
   it does not add any other modules, so do we really need it?



##########
core/src/test/scala/integration/kafka/api/SaslSslAdminIntegrationTest.scala:
##########
@@ -70,7 +70,6 @@ class SaslSslAdminIntegrationTest extends 
BaseAdminIntegrationTest with SaslSetu
     
this.serverConfig.setProperty(DelegationTokenManagerConfigs.DELEGATION_TOKEN_SECRET_KEY_CONFIG,
 secretKey)
     
this.serverConfig.setProperty(DelegationTokenManagerConfigs.DELEGATION_TOKEN_EXPIRY_TIME_MS_CONFIG,
 Long.MaxValue.toString)
     
this.serverConfig.setProperty(DelegationTokenManagerConfigs.DELEGATION_TOKEN_MAX_LIFETIME_CONFIG,
 Long.MaxValue.toString)
-

Review Comment:
   please revert unrelated change



##########
clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java:
##########
@@ -16,13 +16,32 @@
  */
 package org.apache.kafka.common.security;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
 public final class JaasUtils {
     public static final String JAVA_LOGIN_CONFIG_PARAM = 
"java.security.auth.login.config";
+    @Deprecated
     public static final String DISALLOWED_LOGIN_MODULES_CONFIG = 
"org.apache.kafka.disallowed.login.modules";
-    public static final String DISALLOWED_LOGIN_MODULES_DEFAULT =
-            
"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule";
+    public static final String ALLOWED_LOGIN_MODULES_CONFIG = 
"org.apache.kafka.allowed.login.modules";
+    public static final String ALLOWED_LOGIN_MODULES_DEFAULT = 
String.join(",", List.of(
+            
"org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule",
+            "org.apache.kafka.common.security.plain.PlainLoginModule",
+            
"org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule",
+            "org.apache.kafka.common.security.scram.ScramLoginModule",
+            "com.sun.security.auth.module.Krb5LoginModule"
+    ));
     public static final String SERVICE_NAME = "serviceName";
 
-    private JaasUtils() {}
+    private JaasUtils() {
+    }
+
+    public static void allowDefaultJaasAndCustomJass(String... customJaas) {
+        List<String> jaasModules = new ArrayList<>();
+        jaasModules.add(ALLOWED_LOGIN_MODULES_DEFAULT);
+        jaasModules.addAll(Arrays.asList(customJaas));
+        
System.setProperty(org.apache.kafka.common.security.JaasUtils.ALLOWED_LOGIN_MODULES_CONFIG,
 String.join(",", jaasModules));
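Review bot: `allowDefaultJaasAndCustomJass` is a public static method in `clients/src/main` that calls `System.setProperty` on `ALLOWED_LOGIN_MODULES_CONFIG`, so any code in the process can widen the login-module allowlist and silently overwrite a value the operator supplied with `-D`. In the hunks shown here its only callers are test `setup()` methods, so consider moving it to a test utility. If it stays in main, add Javadoc stating that it replaces the property for the whole JVM and is not meant for production code paths. A `null` element in `customJaas` would be joined as the literal text `null`, so reject it up front with `for (String m : customJaas) Objects.requireNonNull(m, "customJaas entry");`. The name also misspells the second `Jaas` as `Jass`, which is worth fixing before it becomes public API. The method body continues past the end of the hunk.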

Review Comment:
   Why use the fully qualified class name here?



##########
clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslAuthenticatorFailureDelayTest.java:
##########
@@ -74,6 +75,7 @@ public void setup() throws Exception {
         credentialCache = new CredentialCache();
         SaslAuthenticatorTest.TestLogin.loginCount.set(0);
         startTimeMs = time.milliseconds();
+        JaasUtils.allowDefaultJaasAndCustomJass();

Review Comment:
   ditto



##########
core/src/test/scala/integration/kafka/api/SaslEndToEndAuthorizationTest.scala:
##########
@@ -46,7 +46,6 @@ abstract class SaslEndToEndAuthorizationTest extends 
EndToEndAuthorizationTest {
     producerConfig.put(SaslConfigs.SASL_JAAS_CONFIG, clientLoginContext)
     consumerConfig.put(SaslConfigs.SASL_JAAS_CONFIG, clientLoginContext)
     adminClientConfig.put(SaslConfigs.SASL_JAAS_CONFIG, clientLoginContext)
-

Review Comment:
   ditto


