Add Kafka Java client examples for KoP with token authentication (#71)

NOTE: The token authentication in KoP is just the PLAIN mechanism.

Author: BewareMyPower

.gitignore

@@ -30,3 +30,4 @@ target/
 
 # Intellij
 .idea
+*.iml

kop/README.md

@@ -0,0 +1,7 @@
+# Overview
+
+This directory includes examples of how Kafka clients connect to a KoP cluster through the Token authentication plugin.
+
+- Supported Kafka clients
+  - [Java client](https://github.com/streamnative/pulsar-examples/tree/master/kop/java) 
+  - TODO: examples of other clients should be added

kop/java/README.md

@@ -0,0 +1,66 @@
+# Overview
+
+This document describes how to produce messages to and consume messages from a KoP cluster using the Kafka client.
+
+# Prerequisites
+
+- Java 1.8 or higher version
+- Maven
+
+> **NOTE**
+>
+> This example uses Kafka client 2.0.0. If you want to use another version of Kafka client, you can change the `kafka.version` property in `pom.xml` file. Kafka client version 1.0.0 - 2.6.0 are supported.
+
+# Example
+
+See [KoP Security](https://github.com/streamnative/kop/blob/master/docs/security.md) for how to configure KoP with token authentication. This example takes a topic named `my-topic` under `public/default` namespace as reference.
+
+1. Grant produce and consume permissions to the specific role.
+
+   ```bash
+   bin/pulsar-admin namespaces grant-permission public/default \
+     --role <role> \
+     --actions produce,consume
+   ```
+
+   > **NOTE**
+   >
+   > The `conf/client.conf` should be configured. For details, see [Configure CLI Tools](http://pulsar.apache.org/docs/en/security-jwt/#cli-tools).
+
+2. Configure the token in [token.properties](src/main/resources/token.properties).
+
+   ```properties
+   topic=persistent://public/default/my-topic
+   namespace=public/default
+   token=token:<token-of-the-role>
+   ```
+
+3. Compile the project.
+
+   ```
+   mvn clean compile
+   ```
+
+4. Run a Kafka producer to produce a `hello` message.
+
+   ```bash
+   mvn exec:java -Dexec.mainClass=io.streamnative.examples.kafka.TokenProducer
+   ```
+
+   **Output:**
+
+   ```
+   Send hello to persistent://public/default/my-topic-0@0
+   ```
+
+5. Run a Kafka consumer to consume some messages.
+
+   ```bash
+   mvn exec:java -Dexec.mainClass=io.streamnative.examples.kafka.TokenConsumer
+   ```
+
+   **Output:**
+
+   ```
+   Receive record: hello from persistent://public/default/my-topic-0@0
+   ```

kop/java/pom.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.example</groupId>
+  <artifactId>java</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <properties>
+    <kafka.version>2.0.0</kafka.version>
+    <slf4j.simple.version>1.7.30</slf4j.simple.version>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kafka</groupId>
+      <artifactId>kafka-clients</artifactId>
+      <version>${kafka.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.simple.version}</version>
+      <scope>runtime</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+</project>

kop/java/src/main/java/io/streamnative/examples/kafka/TokenConsumer.java

@@ -0,0 +1,66 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.streamnative.examples.kafka;
+
+import java.io.IOException;
+import java.time.Duration;
+import java.util.Collections;
+import java.util.Properties;
+import org.apache.kafka.clients.consumer.ConsumerConfig;
+import org.apache.kafka.clients.consumer.ConsumerRecords;
+import org.apache.kafka.clients.consumer.KafkaConsumer;
+import org.apache.kafka.common.serialization.StringDeserializer;
+
+/**
+ * A token authentication example of Kafka consumer.
+ */
+public class TokenConsumer {
+    public static void main(String[] args) throws IOException {
+        // 1. Get the configured parameters from token.properties
+        final Properties tokenProps = new Properties();
+        tokenProps.load(TokenProducer.class.getClassLoader().getResourceAsStream("token.properties"));
+        final String bootstrapServers = tokenProps.getProperty("bootstrap.servers");
+        final String topic = tokenProps.getProperty("topic");
+        final String group = tokenProps.getProperty("group");
+        final String namespace = tokenProps.getProperty("namespace");
+        final String token = tokenProps.getProperty("token");
+
+        // 2. Create a consumer with token authentication, which is equivalent to SASL/PLAIN mechanism in Kafka
+        final Properties props = new Properties();
+        props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrapServers);
+        props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
+        props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
+        props.put(ConsumerConfig.GROUP_ID_CONFIG, group);
+        props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest");
+        props.put("security.protocol", "SASL_PLAINTEXT");
+        props.put("sasl.mechanism", "PLAIN");
+        props.put("sasl.jaas.config", String.format(
+                "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";",
+                namespace, token));
+        final KafkaConsumer<String, String> consumer = new KafkaConsumer<>(props);
+        consumer.subscribe(Collections.singleton(topic));
+
+        // 3. Consume some messages and quit immediately
+        boolean running = true;
+        while (running) {
+            final ConsumerRecords<String, String> records = consumer.poll(Duration.ofSeconds(1));
+            if (!records.isEmpty()) {
+                records.forEach(record -> System.out.println("Receive record: " + record.value() + " from "
+                        + record.topic() + "-" + record.partition() + "@" + record.offset()));
+                running = false;
+            }
+        }
+        consumer.close();
+    }
+}

kop/java/src/main/java/io/streamnative/examples/kafka/TokenProducer.java

@@ -0,0 +1,57 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.streamnative.examples.kafka;
+
+import java.io.IOException;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+import org.apache.kafka.clients.producer.KafkaProducer;
+import org.apache.kafka.clients.producer.ProducerConfig;
+import org.apache.kafka.clients.producer.ProducerRecord;
+import org.apache.kafka.clients.producer.RecordMetadata;
+import org.apache.kafka.common.serialization.StringSerializer;
+
+/**
+ * A token authentication example of Kafka producer.
+ */
+public class TokenProducer {
+    public static void main(String[] args) throws ExecutionException, InterruptedException, IOException {
+        // 1. Get the configured parameters from token.properties
+        final Properties tokenProps = new Properties();
+        tokenProps.load(TokenProducer.class.getClassLoader().getResourceAsStream("token.properties"));
+        final String bootstrapServers = tokenProps.getProperty("bootstrap.servers");
+        final String topic = tokenProps.getProperty("topic");
+        final String namespace = tokenProps.getProperty("namespace");
+        final String token = tokenProps.getProperty("token");
+
+        // 2. Create a producer with token authentication, which is equivalent to SASL/PLAIN mechanism in Kafka
+        final Properties props = new Properties();
+        props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrapServers);
+        props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class);
+        props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class);
+        props.put("security.protocol", "SASL_PLAINTEXT");
+        props.put("sasl.mechanism", "PLAIN");
+        props.put("sasl.jaas.config", String.format(
+                "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";",
+                namespace, token));
+        final KafkaProducer<String, String> producer = new KafkaProducer<>(props);
+
+        // 3. Produce one message
+        final Future<RecordMetadata> recordMetadataFuture = producer.send(new ProducerRecord<>(topic, "hello"));
+        final RecordMetadata recordMetadata = recordMetadataFuture.get();
+        System.out.println("Send hello to " + recordMetadata);
+        producer.close();
+    }
+}

kop/java/src/main/resources/simplelogger.properties

@@ -0,0 +1,18 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# http://www.slf4j.org/api/org/slf4j/impl/SimpleLogger.html
+org.slf4j.simpleLogger.defaultLogLevel=info
+org.slf4j.simpleLogger.showDateTime=true
+org.slf4j.simpleLogger.dateTimeFormat=yyyy-MM-dd HH:mm:ss:SSS

kop/java/src/main/resources/token.properties

@@ -0,0 +1,19 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+bootstrap.servers=localhost:9092
+topic=persistent://public/default/my-topic
+group=my-group
+namespace=public/default
+token=token:<token>