quarkus: Kafka Client does not support SASL with JASS
Describe the bug
Kafka SASL is not supported in native mode.
Even with the added set of classes, it fails with:
Caused by: javax.security.sasl.SaslException: Cannot get userid/password [Caused by javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.]
at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
at com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
at javax.security.sasl.Sasl.createSaslClient(Sasl.java:433)
at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.lambda$createSaslClient$0(SaslClientAuthenticator.java:183)
at java.security.AccessController.doPrivileged(AccessController.java:144)
at javax.security.auth.Subject.doAs(Subject.java:423)
Current Status
I have added the following code to io.quarkus.kafka.client.deployment.KafkaProcessor.
reflectiveClass.produce(new ReflectiveClassBuildItem(true, false, SaslClientCallbackHandler.class.getName()));
reflectiveClass.produce(new ReflectiveClassBuildItem(true, false, DefaultLogin.class.getName()));
reflectiveClass
.produce(new ReflectiveClassBuildItem(true, false,
AbstractLogin.DefaultLoginCallbackHandler.class.getName()));
reflectiveClass.produce(new ReflectiveClassBuildItem(true, false, PlainLoginModule.class.getName()));
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 1
- Comments: 24 (21 by maintainers)
@cescoffier, we ran into the same problem and worked around it with a custom
SaslClientCallbackHandlerwhich considers the native case whereAccessController.getContext() == null