How to create Kafka Kerberos Java consumer

Suppose that you need to create Kafka Java consumer with Kerberos. The code will be:

public KafkaConsumer<String, String> createKafkaKerberosConsumer(String groupID) {
    Properties props = new Properties();
    props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "localhost:3991");
    props.put(ConsumerConfig.GROUP_ID_CONFIG, groupID);
    props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
    props.put(SaslConfigs.SASL_KERBEROS_SERVICE_NAME, "HTTP");
    props.put(SaslConfigs.SASL_JAAS_CONFIG, kafkaJaasConfiguration());
    props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
    props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
    return new KafkaConsumer<String, String>(props);
}

private String kafkaJaasConfiguration() {
    return "com.sun.security.auth.module.Krb5LoginModule required " +
            "useKeyTab=true " +
            "keyTab=\"/path/to/keytab/name.keytab\" " +
            "storeKey=false " +
            "debug=false " +
            "principal=\"userprincipal@REALM\";";
}

You don’t need to specify java.security.auth.login.config Java property, because we set SaslConfigs.SASL_JAAS_CONFIG property directly to the consumer.

You just need to made changes in kafkaJaasConfiguration() method that necessary for your Kerberos configuration.

Telegram channel

If you still have any questions, feel free to ask me in the comments under this article or write me at promark33@gmail.com.

If I saved your day, you can support me 🤝

Leave a Reply

Your email address will not be published. Required fields are marked *

                   Mark Chesnavsky. Email me or connect via LinkedIn.