Kafka
  1. Kafka
  2. KAFKA-859

support basic auth protection of mx4j console

    Details

    • Type: Improvement Improvement
    • Status: Patch Available
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 0.8.0
    • Fix Version/s: None
    • Component/s: core
    • Labels:
      None

      Description

      Support configuration of a basic auth username and password to protect the mx4j console.

        Activity

        Hide
        Scott Clasen added a comment -


        core/src/main/scala/kafka/utils/Mx4jLoader.scala | 23 +++++++++++++++++++----
        1 file changed, 19 insertions, 4 deletions

        diff --git a/core/src/main/scala/kafka/utils/Mx4jLoader.scala b/core/src/main/scala/kafka/utils/Mx4jLoader.scala
        index 64d84cc..539433d 100644
        — a/core/src/main/scala/kafka/utils/Mx4jLoader.scala
        +++ b/core/src/main/scala/kafka/utils/Mx4jLoader.scala
        @@ -5,8 +5,8 @@

        • The ASF licenses this file to You under the Apache License, Version 2.0
        • (the "License"); you may not use this file except in compliance with
        • the License. You may obtain a copy of the License at
        • Unless required by applicable law or agreed to in writing, software
        • distributed under the License is distributed on an "AS IS" BASIS,
          @@ -20,16 +20,18 @@ package kafka.utils

        import java.lang.management.ManagementFactory
        import javax.management.ObjectName
        +import util.Properties

        /**

        • If mx4j-tools is in the classpath call maybeLoad to load the HTTP interface of mx4j.
          *
        • The default port is 8082. To override that provide e.g. -Dmx4jport=8083
        • The default listen address is 0.0.0.0. To override that provide -Dmx4jaddress=127.0.0.1
          + * To set a basic auth username and password, specify -Dmx4jcredentials=user:pass
        • This feature must be enabled with -Dmx4jenable=true
          *
        • This is a Scala port of org.apache.cassandra.utils.Mx4jTool written by Ran Tavory for CASSANDRA-1068
        • * */
          + **/
          object Mx4jLoader extends Logging {

        def maybeLoad(): Boolean = {
        @@ -38,9 +40,16 @@ object Mx4jLoader extends Logging {
        false
        val address = props.getString("mx4jaddress", "0.0.0.0")
        val port = props.getInt("mx4jport", 8082)
        +
        +
        try {
        debug("Will try to load MX4j now, if it's in the classpath");

        + val creds = Properties.propOrNone("mx4jcredentials").map(_.split(":", 2)).flatMap

        { + case Array(user, pass) => Some((user, pass)) + case _ => throw new RuntimeException("Couldn't parse mx4jcredentials, please format correctly. user:password") + }

        +
        val mbs = ManagementFactory.getPlatformMBeanServer()
        val processorName = new ObjectName("Server:name=XSLTProcessor")

        @@ -49,6 +58,12 @@ object Mx4jLoader extends Logging {
        httpAdaptorClass.getMethod("setHost", classOf[String]).invoke(httpAdaptor, address.asInstanceOf[AnyRef])
        httpAdaptorClass.getMethod("setPort", Integer.TYPE).invoke(httpAdaptor, port.asInstanceOf[AnyRef])

        + creds.foreach

        { + case (user, pass) => + httpAdaptorClass.getMethod("setAuthenticationMethod", classOf[String]).invoke(httpAdaptor, "basic".asInstanceOf[AnyRef]) + httpAdaptorClass.getMethod("addAuthorization", classOf[String], classOf[String]).invoke(httpAdaptor, user.asInstanceOf[AnyRef], pass.asInstanceOf[AnyRef]) + }

        +
        val httpName = new ObjectName("system:name=http")
        mbs.registerMBean(httpAdaptor, httpName)

        @@ -61,7 +76,7 @@ object Mx4jLoader extends Logging

        { true }

        catch {

        • case e: ClassNotFoundException => {
          + case e: ClassNotFoundException => { info("Will not load MX4J, mx4j-tools.jar is not in the classpath"); }

          case e => {

          1.8.0.1

        Show
        Scott Clasen added a comment - — core/src/main/scala/kafka/utils/Mx4jLoader.scala | 23 +++++++++++++++++++---- 1 file changed, 19 insertions , 4 deletions diff --git a/core/src/main/scala/kafka/utils/Mx4jLoader.scala b/core/src/main/scala/kafka/utils/Mx4jLoader.scala index 64d84cc..539433d 100644 — a/core/src/main/scala/kafka/utils/Mx4jLoader.scala +++ b/core/src/main/scala/kafka/utils/Mx4jLoader.scala @@ -5,8 +5,8 @@ The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 + * + * http://www.apache.org/licenses/LICENSE-2.0 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -20,16 +20,18 @@ package kafka.utils import java.lang.management.ManagementFactory import javax.management.ObjectName +import util.Properties /** If mx4j-tools is in the classpath call maybeLoad to load the HTTP interface of mx4j. * The default port is 8082. To override that provide e.g. -Dmx4jport=8083 The default listen address is 0.0.0.0. To override that provide -Dmx4jaddress=127.0.0.1 + * To set a basic auth username and password, specify -Dmx4jcredentials=user:pass This feature must be enabled with -Dmx4jenable=true * This is a Scala port of org.apache.cassandra.utils.Mx4jTool written by Ran Tavory for CASSANDRA-1068 * */ + **/ object Mx4jLoader extends Logging { def maybeLoad(): Boolean = { @@ -38,9 +40,16 @@ object Mx4jLoader extends Logging { false val address = props.getString("mx4jaddress", "0.0.0.0") val port = props.getInt("mx4jport", 8082) + + try { debug("Will try to load MX4j now, if it's in the classpath"); + val creds = Properties.propOrNone("mx4jcredentials").map(_.split(":", 2)).flatMap { + case Array(user, pass) => Some((user, pass)) + case _ => throw new RuntimeException("Couldn't parse mx4jcredentials, please format correctly. user:password") + } + val mbs = ManagementFactory.getPlatformMBeanServer() val processorName = new ObjectName("Server:name=XSLTProcessor") @@ -49,6 +58,12 @@ object Mx4jLoader extends Logging { httpAdaptorClass.getMethod("setHost", classOf [String] ).invoke(httpAdaptor, address.asInstanceOf [AnyRef] ) httpAdaptorClass.getMethod("setPort", Integer.TYPE).invoke(httpAdaptor, port.asInstanceOf [AnyRef] ) + creds.foreach { + case (user, pass) => + httpAdaptorClass.getMethod("setAuthenticationMethod", classOf[String]).invoke(httpAdaptor, "basic".asInstanceOf[AnyRef]) + httpAdaptorClass.getMethod("addAuthorization", classOf[String], classOf[String]).invoke(httpAdaptor, user.asInstanceOf[AnyRef], pass.asInstanceOf[AnyRef]) + } + val httpName = new ObjectName("system:name=http") mbs.registerMBean(httpAdaptor, httpName) @@ -61,7 +76,7 @@ object Mx4jLoader extends Logging { true } catch { case e: ClassNotFoundException => { + case e: ClassNotFoundException => { info("Will not load MX4J, mx4j-tools.jar is not in the classpath"); } case e => { – 1.8.0.1
        Hide
        Neha Narkhede added a comment -

        Is it possible to add a unit test for this ?

        Show
        Neha Narkhede added a comment - Is it possible to add a unit test for this ?
        Hide
        Scott Clasen added a comment -

        Not sure its possible/desirable.

        Since current kafka practice is to downolad mx4j-tools.jar and put it on the classpath for this code to be invoked, that jar would have to be included in the kafka codebase wouldn't it?

        Would you want that jar checked in?

        Show
        Scott Clasen added a comment - Not sure its possible/desirable. Since current kafka practice is to downolad mx4j-tools.jar and put it on the classpath for this code to be invoked, that jar would have to be included in the kafka codebase wouldn't it? Would you want that jar checked in?

          People

          • Assignee:
            Unassigned
            Reporter:
            Scott Clasen
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Development