Help Center/ MapReduce Service/ Developer Guide (LTS)/ Kafka Development Guide (Security Mode)/ Application Commissioning/ Sample Code Running Guide for the Kafka Token Authentication Mechanism
Updated on 2024-04-02 GMT+08:00

Sample Code Running Guide for the Kafka Token Authentication Mechanism

Procedure

  1. Configure Kafka Token Authentication on the Kafka server.

    1. Log in to FusionInsight Manager and choose Cluster > Services > Kafka. Click Configurations.
    2. Enable the token authentication mechanism.

      Find the delegation.token.master.key parameter, which specifies the master key used to generate and verify tokens. Check whether the parameter has been configured. If it has been configured, and the value is not null, the token authentication mechanism has been enabled and does not need to be reconfigured. If the token authentication mechanism is configured again, the original token cannot be used.

      The value of delegation.token.master.key can be customized, for example, Tokentest.

    3. Specify the SASL authentication mechanism used for the service.

      Find the sasl.enabled.mechanisms parameter and set it to GSSAPI,SCRAM-SHA-256,SCRAM-SHA-512. Use commas (,) to separate the three items.

    4. Log in to a component using Scram.

      Find the custom parameter kafka.config.expandor and set its name to listener.name.sasl_plaintext.scram-sha-512.sasl.jaas.config. Set the value to org.apache.kafka.common.security.scram.ScramLoginModule required;.

    5. Log in to FusionInsight Manager and restart all Broker instances of the Kafka service.

  2. Configure Kafka Token Authentication on the Kafka client.

    Generate a token for the user. For details, see Kafka Token Authentication Mechanism Tool Usage.

  3. Configure the secondary development sample project.

    Configure the required sample codes in Producer() and Consumer() of the secondary development sample project. For details about the required sample codes, see Kafka Token Authentication.

  4. Run the sample code.