diff --git a/kafka-streams-samples/kafka-streams-jaas-security/.gitignore b/kafka-streams-samples/kafka-streams-jaas-security/.gitignore new file mode 100644 index 0000000..2af7cef --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/.gitignore @@ -0,0 +1,24 @@ +target/ +!.mvn/wrapper/maven-wrapper.jar + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr + +### NetBeans ### +nbproject/private/ +build/ +nbbuild/ +dist/ +nbdist/ +.nb-gradle/ \ No newline at end of file diff --git a/kafka-streams-samples/kafka-streams-jaas-security/.mvn/wrapper/maven-wrapper.jar b/kafka-streams-samples/kafka-streams-jaas-security/.mvn/wrapper/maven-wrapper.jar new file mode 100644 index 0000000..9cc84ea Binary files /dev/null and b/kafka-streams-samples/kafka-streams-jaas-security/.mvn/wrapper/maven-wrapper.jar differ diff --git a/kafka-streams-samples/kafka-streams-jaas-security/.mvn/wrapper/maven-wrapper.properties b/kafka-streams-samples/kafka-streams-jaas-security/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 0000000..c315043 --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1 @@ +distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.0/apache-maven-3.5.0-bin.zip diff --git a/kafka-streams-samples/kafka-streams-jaas-security/README.adoc b/kafka-streams-samples/kafka-streams-jaas-security/README.adoc new file mode 100644 index 0000000..3e184fd --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/README.adoc @@ -0,0 +1,133 @@ +== What is this app? + +This is an example of a Spring Cloud Stream Kafka Streams application against a Kafka broker that is secured. + +=== Secure Kafka with JAAS Security (SASL_PLAINTEXT) + +Download Apache Kafka. Following steps are for version 2.8.0, please update accordingly if you have a different Kafka version. + +`wget https://apache.claz.org/kafka/2.8.0/kafka_2.13-2.8.0.tgz` + +`tar -xvf kafka_2.13-2.8.0.tgz` + +`cd kafka_2.13-2.8.0/config` + +`vi kafka_server_jaas.conf` (Or use your favorite editor). + +Add the following content: + +``` +KafkaServer { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="admin" + password="admin-secret" + user_admin="admin-secret"; +}; + +Client { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="admin" + password="admin-secret"; +}; +``` + +`vi zookeeper_jaas.conf` + +Add the following content: + +``` +Server { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="admin" + password="admin-secret" + user_admin="admin-secret"; +}; +``` + +Edit the `server.properties` file to have the following content: + +``` +security.inter.broker.protocol=SASL_PLAINTEXT +sasl.mechanism.inter.broker.protocol=PLAIN +sasl.enabled.mechanisms=PLAIN + +listeners=SASL_PLAINTEXT://localhost:9092 +advertised.listeners=SASL_PLAINTEXT://localhost:9092 +``` + +Edit the file zookeeper.properties and add the following properties: + +``` +authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider +requireClientAuthScheme=sasl +jaasLoginRenew=3600000 +``` + +Edit the file producer.properties and add the following content: + +``` +security.protocol=SASL_PLAINTEXT +sasl.mechanism=PLAIN +``` + +Edit the file consumer.properties and add the following content: + +``` +security.protocol=SASL_PLAINTEXT +sasl.mechanism=PLAIN +``` + +Terminal 1 + +``` +cd + +$ export KAFKA_OPTS="-Djava.security.auth.login.config=config/zookeeper_jaas.conf" +$ bin/zookeeper-server-start.sh config/zookeeper.properties +``` + +Terminal 2 + +``` +cd + +$ export KAFKA_OPTS="-Djava.security.auth.login.config=config/kafka_server_jaas.conf" +$ .//bin/kafka-server-start.sh config/server.properties +``` + +=== Running the application + +The sample application comes with a Kafka Streams processor and a regular test Kafka consumer. +Kafka Streams processor is the word count application and the test consumer will simply print out the data from the processor output. +In order to see how security is configured for Kafka Streams binder, take a look at the configuration (`application.yml`). + +Go to the root of the repository. + +`./mvnw clean package` + +`java -jar target/kafka-streams-jaas-security-0.0.1-SNAPSHOT.jar` + +Or run it from your preferred IDE. + +=== Verify the application + +Create a file in a local directory (for ex, `/tmp`) that we name as `kafka_client_jaas.conf`. +Add the following content to this file. + +``` +KafkaClient { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="admin" + password="admin-secret"; +}; +``` + +`cd ` + +`export KAFKA_OPTS="-Djava.security.auth.login.config=/tmp/kafka_client_jaas.conf"` + +`./bin/kafka-console-producer.sh --broker-list localhost:9092 --topic words --producer.config=config/producer.properties` + +Enter some sample text at the console producer. + +Now go back to where you are running the app and verify that the test consumer is logging the output data from the Kafka Streams processor. \ No newline at end of file diff --git a/kafka-streams-samples/kafka-streams-jaas-security/docker-compose.yml b/kafka-streams-samples/kafka-streams-jaas-security/docker-compose.yml new file mode 100644 index 0000000..38003e5 --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/docker-compose.yml @@ -0,0 +1,19 @@ +version: '3' +services: + kafka: + image: wurstmeister/kafka + container_name: kafka-wordcount + ports: + - "9092:9092" + environment: + - KAFKA_ADVERTISED_HOST_NAME=127.0.0.1 + - KAFKA_ADVERTISED_PORT=9092 + - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181 + depends_on: + - zookeeper + zookeeper: + image: wurstmeister/zookeeper + ports: + - "2181:2181" + environment: + - KAFKA_ADVERTISED_HOST_NAME=zookeeper diff --git a/kafka-streams-samples/kafka-streams-jaas-security/mvnw b/kafka-streams-samples/kafka-streams-jaas-security/mvnw new file mode 100755 index 0000000..2d1e3cf --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/mvnw @@ -0,0 +1,225 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Maven2 Start Up Batch script +# +# Required ENV vars: +# ------------------ +# JAVA_HOME - location of a JDK home dir +# +# Optional ENV vars +# ----------------- +# M2_HOME - location of maven2's installed home dir +# MAVEN_OPTS - parameters passed to the Java VM when running Maven +# e.g. to debug Maven itself, use +# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +# MAVEN_SKIP_RC - flag to disable loading of mavenrc files +# ---------------------------------------------------------------------------- + +if [ -z "$MAVEN_SKIP_RC" ] ; then + + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi + +fi + +# OS specific support. $var _must_ be set to either true or false. +cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home + # See https://developer.apple.com/library/mac/qa/qa1170/_index.html + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + export JAVA_HOME="`/usr/libexec/java_home`" + else + export JAVA_HOME="/Library/Java/Home" + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +if [ -z "$M2_HOME" ] ; then + ## resolve links - $0 may be a link to maven's home + PRG="$0" + + # need this for relative symlinks + while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG="`dirname "$PRG"`/$link" + fi + done + + saveddir=`pwd` + + M2_HOME=`dirname "$PRG"`/.. + + # make it fully qualified + M2_HOME=`cd "$M2_HOME" && pwd` + + cd "$saveddir" + # echo Using m2 at $M2_HOME +fi + +# For Cygwin, ensure paths are in UNIX format before anything is touched +if $cygwin ; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --unix "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +# For Migwn, ensure paths are in UNIX format before anything is touched +if $mingw ; then + [ -n "$M2_HOME" ] && + M2_HOME="`(cd "$M2_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" + # TODO classpath? +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + # readlink(1) is not available as standard on Solaris 10. + readLink=`which readlink` + if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD="`which java`" + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi + +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." +fi + +CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher + +# traverses directory structure from process work directory to filesystem root +# first directory with .mvn subdirectory is considered project base directory +find_maven_basedir() { + + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi + + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + # workaround for JBEAP-8937 (on Solaris 10/Sparc) + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + # end of workaround + done + echo "${basedir}" +} + +# concatenates all lines of a file +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} +echo $MAVEN_PROJECTBASEDIR +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" + +# For Cygwin, switch paths to Windows format before running java +if $cygwin; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --path --windows "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +fi + +WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +exec "$JAVACMD" \ + $MAVEN_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/kafka-streams-samples/kafka-streams-jaas-security/mvnw.cmd b/kafka-streams-samples/kafka-streams-jaas-security/mvnw.cmd new file mode 100644 index 0000000..86846ae --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/mvnw.cmd @@ -0,0 +1,143 @@ +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM https://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Maven2 Start Up Batch script +@REM +@REM Required ENV vars: +@REM JAVA_HOME - location of a JDK home dir +@REM +@REM Optional ENV vars +@REM M2_HOME - location of maven2's installed home dir +@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands +@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending +@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven +@REM e.g. to debug Maven itself, use +@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files +@REM ---------------------------------------------------------------------------- + +@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' +@echo off +@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' +@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% + +@REM set %HOME% to equivalent of $HOME +if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") + +@REM Execute a user defined script before this one +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre +@REM check for pre script, once with legacy .bat ending and once with .cmd ending +if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" +if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" +:skipRcPre + +@setlocal + +set ERROR_CODE=0 + +@REM To isolate internal variables from possible post scripts, we use another setlocal +@setlocal + +@REM ==== START VALIDATION ==== +if not "%JAVA_HOME%" == "" goto OkJHome + +echo. +echo Error: JAVA_HOME not found in your environment. >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +:OkJHome +if exist "%JAVA_HOME%\bin\java.exe" goto init + +echo. +echo Error: JAVA_HOME is set to an invalid directory. >&2 +echo JAVA_HOME = "%JAVA_HOME%" >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +@REM ==== END VALIDATION ==== + +:init + +@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". +@REM Fallback to current working directory if not found. + +set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% +IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir + +set EXEC_DIR=%CD% +set WDIR=%EXEC_DIR% +:findBaseDir +IF EXIST "%WDIR%"\.mvn goto baseDirFound +cd .. +IF "%WDIR%"=="%CD%" goto baseDirNotFound +set WDIR=%CD% +goto findBaseDir + +:baseDirFound +set MAVEN_PROJECTBASEDIR=%WDIR% +cd "%EXEC_DIR%" +goto endDetectBaseDir + +:baseDirNotFound +set MAVEN_PROJECTBASEDIR=%EXEC_DIR% +cd "%EXEC_DIR%" + +:endDetectBaseDir + +IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig + +@setlocal EnableExtensions EnableDelayedExpansion +for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a +@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% + +:endReadAdditionalConfig + +SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" + +set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" +set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* +if ERRORLEVEL 1 goto error +goto end + +:error +set ERROR_CODE=1 + +:end +@endlocal & set ERROR_CODE=%ERROR_CODE% + +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost +@REM check for post script, once with legacy .bat ending and once with .cmd ending +if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" +if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" +:skipRcPost + +@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' +if "%MAVEN_BATCH_PAUSE%" == "on" pause + +if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% + +exit /B %ERROR_CODE% diff --git a/kafka-streams-samples/kafka-streams-jaas-security/pom.xml b/kafka-streams-samples/kafka-streams-jaas-security/pom.xml new file mode 100644 index 0000000..9fae05f --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/pom.xml @@ -0,0 +1,140 @@ + + + 4.0.0 + + kafka-streams-jaas-security + 0.0.1-SNAPSHOT + jar + kafka-streams-jaas-security + Demo project for Spring Boot + + + org.springframework.boot + spring-boot-starter-parent + 2.4.4 + + + + + 2020.0.4-SNAPSHOT + + + + + + org.springframework.cloud + spring-cloud-dependencies + ${spring-cloud.version} + pom + import + + + + + + + org.springframework.cloud + spring-cloud-stream-binder-kafka-streams + + + org.springframework.cloud + spring-cloud-stream-binder-kafka + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.kafka + spring-kafka-test + test + + + org.apache.kafka + kafka-streams-test-utils + ${kafka.version} + test + + + + org.springframework.boot + spring-boot-starter-actuator + + + org.springframework.boot + spring-boot-starter + + + org.springframework.boot + spring-boot-starter-web + + + org.junit.vintage + junit-vintage-engine + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + + + spring-snapshots + Spring Snapshots + https://repo.spring.io/libs-snapshot-local + + true + + + false + + + + spring-milestones + Spring Milestones + https://repo.spring.io/libs-milestone-local + + false + + + + + + spring-snapshots + Spring Snapshots + https://repo.spring.io/libs-snapshot-local + + true + + + false + + + + spring-milestones + Spring Milestones + https://repo.spring.io/libs-milestone-local + + false + + + + spring-releases + Spring Releases + https://repo.spring.io/libs-release-local + + false + + + + + diff --git a/kafka-streams-samples/kafka-streams-jaas-security/src/main/java/kafka/streams/word/count/KafkaStreamsWordCountApplication.java b/kafka-streams-samples/kafka-streams-jaas-security/src/main/java/kafka/streams/word/count/KafkaStreamsWordCountApplication.java new file mode 100644 index 0000000..c4d8fc3 --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/src/main/java/kafka/streams/word/count/KafkaStreamsWordCountApplication.java @@ -0,0 +1,131 @@ +/* + * Copyright 2021 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package kafka.streams.word.count; + +import java.time.Duration; +import java.util.Arrays; +import java.util.Date; +import java.util.function.Consumer; +import java.util.function.Function; + +import org.apache.kafka.common.serialization.Serdes; +import org.apache.kafka.common.utils.Bytes; +import org.apache.kafka.streams.KeyValue; +import org.apache.kafka.streams.kstream.Grouped; +import org.apache.kafka.streams.kstream.KStream; +import org.apache.kafka.streams.kstream.Materialized; +import org.apache.kafka.streams.kstream.TimeWindows; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; + +@SpringBootApplication +public class KafkaStreamsWordCountApplication { + + public static void main(String[] args) { + SpringApplication.run(KafkaStreamsWordCountApplication.class, args); + } + + public static class WordCountProcessorApplication { + + public static final int WINDOW_SIZE_MS = 30_000; + + @Bean + public Function, KStream> process() { + + return input -> input + .flatMapValues(value -> Arrays.asList(value.toLowerCase().split("\\W+"))) + .map((key, value) -> new KeyValue<>(value, value)) + .groupByKey(Grouped.with(Serdes.String(), Serdes.String())) + .windowedBy(TimeWindows.of(Duration.ofMillis(WINDOW_SIZE_MS))) + .count(Materialized.as("WordCounts-1")) + .toStream() + .map((key, value) -> new KeyValue<>(null, new WordCount(key.key(), value, new Date(key.window().start()), new Date(key.window().end())))); + } + + @Bean + public Consumer hello() { + return System.out::println; + } + } + + static class WordCount { + + private String word; + + private long count; + + private Date start; + + private Date end; + + @Override + public String toString() { + final StringBuffer sb = new StringBuffer("WordCount{"); + sb.append("word='").append(word).append('\''); + sb.append(", count=").append(count); + sb.append(", start=").append(start); + sb.append(", end=").append(end); + sb.append('}'); + return sb.toString(); + } + + WordCount() { + + } + + WordCount(String word, long count, Date start, Date end) { + this.word = word; + this.count = count; + this.start = start; + this.end = end; + } + + public String getWord() { + return word; + } + + public void setWord(String word) { + this.word = word; + } + + public long getCount() { + return count; + } + + public void setCount(long count) { + this.count = count; + } + + public Date getStart() { + return start; + } + + public void setStart(Date start) { + this.start = start; + } + + public Date getEnd() { + return end; + } + + public void setEnd(Date end) { + this.end = end; + } + } +} diff --git a/kafka-streams-samples/kafka-streams-jaas-security/src/main/resources/application.yml b/kafka-streams-samples/kafka-streams-jaas-security/src/main/resources/application.yml new file mode 100644 index 0000000..3e9d29f --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/src/main/resources/application.yml @@ -0,0 +1,31 @@ +spring.cloud.stream: + function: + definition: process;hello + bindings: + process-in-0.destination: words + process-out-0.destination: counts + hello-in-0.destination: counts + kafka: + streams: + binder: + applicationId: hello-word-count-sample + jaas: + loginModule: org.apache.kafka.common.security.plain.PlainLoginModule + options: + username: admin + password: admin-secret + configuration: + commit.interval.ms: 100 + security.protocol: SASL_PLAINTEXT + sasl.mechanism: PLAIN + #The following is for the test consumer (that is based on the regular Kafka binder). + #This is not needed for Kafka Streams apps, but in order to test the processor using the consumer, we need this. + binder: + jaas: + loginModule: org.apache.kafka.common.security.plain.PlainLoginModule + options: + username: admin + password: admin-secret + configuration: + security.protocol: SASL_PLAINTEXT + sasl.mechanism: PLAIN \ No newline at end of file diff --git a/kafka-streams-samples/kafka-streams-jaas-security/src/main/resources/logback.xml b/kafka-streams-samples/kafka-streams-jaas-security/src/main/resources/logback.xml new file mode 100644 index 0000000..870ac9e --- /dev/null +++ b/kafka-streams-samples/kafka-streams-jaas-security/src/main/resources/logback.xml @@ -0,0 +1,12 @@ + + + + + %d{ISO8601} %5p %t %c{2}:%L - %m%n + + + + + + + \ No newline at end of file diff --git a/kafka-streams-samples/pom.xml b/kafka-streams-samples/pom.xml index 50fcc2f..ab7a27f 100644 --- a/kafka-streams-samples/pom.xml +++ b/kafka-streams-samples/pom.xml @@ -24,6 +24,7 @@ kafka-streams-inventory-count kafka-streams-metrics-demo kafka-streams-destination-pattern + kafka-streams-jaas-security