I am trying to set up my Spring Boot application with a Kafka client to use SSL. I have my keystore.jks and truststore.jks stored on the file system (in a Docker container) because of this: https://github.com/spring-projects/spring-kafka/issues/710

Here is my application.yml:

    spring:
      kafka:
        ssl:
          key-password: pass
          keystore-location: /tmp/kafka.client.keystore.jks
          keystore-password: pass
          truststore-location: /tmp/kafka.client.truststore.jks
          truststore-password: pass

But when I start the application (in a Docker container), it says:

    Caused by: java.lang.IllegalStateException: Resource 'class path resource [tmp/kafka.client.keystore.jks]' must be on a file system
    [..]
    Caused by: java.io.FileNotFoundException: class path resource [tmp/kafka.client.keystore.jks] cannot be resolved to URL because it does not exist

I checked the container and the .jks files are there in /tmp.

I don't understand how to pass the .jks files to Spring Boot.

Update 06/07/2018

Here is my Dockerfile:

    FROM openjdk:8-jdk-alpine
    VOLUME /tmp
    COPY ssl/kafka.client.keystore.jks /tmp
    COPY ssl/kafka.client.truststore.jks /tmp
    ARG JAR_FILE
    ADD ${JAR_FILE} app.jar
    ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]

Per the discussion, to enable the Kafka SSL configuration you first need to enable and set the SSL properties in the ConsumerFactory:

    @Bean
    public ConsumerFactory<String, ReportingTask> consumerFactory() {
        Map<String, Object> props = new HashMap<>();
        props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrapServers);
        props.put(ConsumerConfig.GROUP_ID_CONFIG, groupId);
        props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
        // Must name a Deserializer class; the instances passed to the factory below take precedence.
        props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, JsonDeserializer.class);
        props.put(ConsumerConfig.CLIENT_ID_CONFIG, clientId);
        props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, enableAutoCommit);
        props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, autoCommitInterval);
        props.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG, sessionTimeout);
        props.put(ConsumerConfig.MAX_POLL_RECORDS_CONFIG, maxRecords);
        props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, offSet);
        if (sslEnabled) {
            // Kafka client SSL settings; the locations are paths on the container's file system.
            props.put("security.protocol", "SSL");
            props.put("ssl.truststore.location", trustStoreLocation);
            props.put("ssl.truststore.password", trustStorePassword);
            props.put("ssl.key.password", keyStorePassword);
            props.put("ssl.keystore.password", keyStorePassword);
            props.put("ssl.keystore.location", keyStoreLocation);
        }
        return new DefaultKafkaConsumerFactory<>(props, new StringDeserializer(), new JsonDeserializer<>(Task.class));
    }

and copy the certificates into the Docker container:

    COPY ssl/stage/* /var/lib/kafka/stage/
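
A fail-fast check for the approach in the answer above, as an added example that is not part of the original posts: it confirms that each store exists on the container's file system and opens with its password before the `ssl.*` properties reach the consumer factory. The class `KafkaSslProps` and its method names are hypothetical, and the temp-file keystore in `main` is constructed sample data.

```java
import java.io.*;
import java.net.URI;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;

// Added example: hypothetical helper, not code from the original posts.
public class KafkaSslProps {
    // Kafka's ssl.*.location settings are plain file paths, so a "file:" URL is converted to one.
    static Path toFilePath(String location) {
        return location.startsWith("file:") ? Paths.get(URI.create(location)) : Paths.get(location);
    }

    // Opens the store with its password so a wrong path or password fails at startup.
    static String checkedStore(String location, char[] password) throws Exception {
        Path path = toFilePath(location);
        if (!Files.isReadable(path)) {
            throw new IOException("Store not readable on the file system: " + path);
        }
        try (InputStream in = Files.newInputStream(path)) {
            KeyStore.getInstance("JKS").load(in, password);
        }
        return path.toString();
    }

    static Map<String, Object> sslProps(String keyStore, char[] keyStorePass,
                                        String trustStore, char[] trustStorePass) throws Exception {
        Map<String, Object> props = new HashMap<>();
        props.put("security.protocol", "SSL");
        props.put("ssl.keystore.location", checkedStore(keyStore, keyStorePass));
        props.put("ssl.keystore.password", new String(keyStorePass));
        props.put("ssl.key.password", new String(keyStorePass));
        props.put("ssl.truststore.location", checkedStore(trustStore, trustStorePass));
        props.put("ssl.truststore.password", new String(trustStorePass));
        return props;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS in a temp file stands in for the real stores.
        char[] password = "changeit".toCharArray();
        Path store = Files.createTempFile("kafka.client", ".jks");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, password);
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, password); }
        // Print only the property names, never the passwords.
        System.out.println(sslProps("file:" + store, password, store.toString(), password).keySet());
    }
}
```

In the consumer factory, `props.putAll(KafkaSslProps.sslProps(...))` would take the place of the six `props.put` calls inside `if (sslEnabled)`.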