
How to authenticate/authorize a consumer in Kafka for a topic before it consumes the message

In Kafka, is there a way to authenticate / authorize a consumer every time it tries to read a message on a topic that it has subscribed to?

The use case here is that a consumer should be able to present an auth token to the Kafka broker, and the broker should then be able to validate that token before letting the consumer read a message from the topic.

Is this achievable in Kafka?

Hary asked Jan 23 '18 21:01


People also ask

How do you authenticate Kafka?

Kafka uses SASL to perform authentication. It currently supports many mechanisms including PLAIN, SCRAM, OAUTH and GSSAPI, and it allows administrators to plug in custom implementations. Authentication can be enabled between brokers, between clients and brokers, and between brokers and ZooKeeper.

How do consumers consume messages in Kafka?

In Kafka, each topic is divided into a set of logs known as partitions. Producers write to the tail of these logs and consumers read the logs at their own pace. Kafka scales topic consumption by distributing partitions among a consumer group, which is a set of consumers sharing a common group identifier.

How do you know when a Kafka consumer is ready?

You can use consumer.assignment(), which returns the set of assigned partitions, and verify whether all of the partitions available for that topic are assigned.


1 Answer

Kafka provides both pluggable authentication and authorization mechanisms.

For authentication, the process of creating your own logic is described in: Can Kafka be provided with custom LoginModule to support LDAP?

For authorization, you simply need to provide a class that implements the Authorizer interface (https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/security/auth/Authorizer.scala) and set authorizer.class.name to your class in server.properties.

Authentication is only performed when a client connects, so if you require validation to happen for every consume action, you'll have to use authorizations.

I suggest you get yourself familiar with Kafka security features and more specifically Authorizations: http://kafka.apache.org/documentation/#security_authz

Mickael Maison answered Sep 29 '22 01:09
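The per-request check described in the answer above, as an added example that is not part of the original answer or of Kafka itself: a Scala authorizer written against the legacy `kafka.security.auth` API the answer links to (newer Kafka releases use `org.apache.kafka.server.authorizer.Authorizer` instead). It assumes the consumer's token was validated at authentication and mapped to the principal name; the package, class name and the `example.revoked.principals` key are hypothetical.

```scala
package com.example.kafka // hypothetical package name

import java.util
import kafka.network.RequestChannel.Session
import kafka.security.auth.{Operation, Read, Resource, SimpleAclAuthorizer, Topic}

// Enabled in server.properties with:
//   authorizer.class.name=com.example.kafka.RevocationAwareAuthorizer
//
// authorize() runs for every request the broker authorizes, so each fetch a
// consumer issues against a topic is re-checked, unlike authentication,
// which happens once when the connection is set up.
class RevocationAwareAuthorizer extends SimpleAclAuthorizer {

  // Principals whose access has been withdrawn. Loaded once from config here;
  // a real deployment would refresh this from wherever tokens are revoked.
  @volatile private var revoked: Set[String] = Set.empty

  override def configure(javaConfigs: util.Map[String, _]): Unit = {
    super.configure(javaConfigs) // keep the stock ACL store working
    // Hypothetical custom key, e.g. example.revoked.principals=alice,batch-job-7
    val raw: Any = javaConfigs.get("example.revoked.principals")
    revoked = Option(raw)
      .map(_.toString.split(",").map(_.trim).filter(_.nonEmpty).toSet)
      .getOrElse(Set.empty)
  }

  override def authorize(session: Session,
                         operation: Operation,
                         resource: Resource): Boolean = {
    val isTopicRead = operation == Read && resource.resourceType == Topic
    if (isTopicRead && revoked.contains(session.principal.getName)) {
      false // deny the read before any ACL is consulted
    } else {
      super.authorize(session, operation, resource) // normal ACL evaluation
    }
  }
}
```

The authorizer only sees the principal, client address, operation and resource, so the token itself has to be checked by the authentication plug-in; this class decides per request whether that principal may still read.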