You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To connect to a Pulsar cluster that requires authentication, you need to set the `authPluginClassName` and any parameters required by the authentication plugin. You can set the parameters as a single JSON-encoded string or as map of parameter names to parameter values. The following listings show both approaches:
4
+
To connect to a Pulsar cluster that requires authentication, you need to specify which authentication plugin to use and any parameters required by the specified plugin.
5
+
When **using Spring Boot** auto-configuration, you can set the plugin and the plugin parameters via configuration properties (in most cases).
You need to ensure that names defined under `+spring.pulsar.client.authentication.param.*+` exactly match those expected by your auth plugin (which is typically camel cased).
10
+
Spring Boot will not attempt any kind of relaxed binding for these entries.
For example, if you want to configure the issuer url for the `AuthenticationOAuth2` auth plugin you must use `+spring.pulsar.client.authentication.param.issuerUrl+`.
13
+
If you use other forms, such as `issuerurl` or `issuer-url`, the setting will not be applied to the plugin.
14
+
====
15
+
16
+
When **not using Spring Boot** auto-configuration, you can use the `org.apache.pulsar.client.api.AuthenticationFactory` to create the authentication and then set it directly on the Pulsar client builder in a client customizer that you provide to the client factory.
28
17
29
-
TIP: Using a map is the recommended approach as it is less error-prone and easier to read.
30
18
31
19
The following listings show how to configure each of the supported authentication mechanisms.
32
20
@@ -39,15 +27,31 @@ The following listings show how to configure each of the supported authenticatio
NOTE: Because this option requires TLS encryption, which already requires you to <<pulsar.adoc#tls-encryption,provide a client builder customizer>>, it is recommended to simply add the authentication directly on the client builder in your provided TLS customizer.
116
+
You can use the `org.apache.pulsar.client.api.AuthenticationFactory` to help create the authentication object as follows:
See the official Pulsar documentation on {apache-pulsar-docs}/security-tls-authentication/#configure-mtls-authentication-in-pulsar-clients[mTLS (PEM)].
120
122
====
121
123
122
-
[[Token]]
123
-
.[.underline]#Click ##here## for **Token**#
124
+
[[mTLS-jks]]
125
+
.[.underline]#Click ##here## for **mTLS (JKS)**#
124
126
[%collapsible]
125
127
====
126
-
[source, yaml]
128
+
NOTE: Because this option requires TLS encryption, which already requires you to <<pulsar.adoc#tls-encryption,provide a client builder customizer>>, it is recommended to simply add the authentication directly on the client builder in your provided TLS customizer.
129
+
You can use the `org.apache.pulsar.client.api.AuthenticationFactory` to help create the authentication object as follows:
See the official Pulsar documentation on {apache-pulsar-docs}/security-tls-authentication/#configure-clients[mTLS (JKS)].
135
137
====
136
138
137
-
NOTE: You can find more information on each of the schemes and their required properties in the official {apache-pulsar-docs}/security-overview#authentication-providers[Pulsar security] documentation.
139
+
You can find more information on each of the support plugins and their required properties in the official {apache-pulsar-docs}/security-overview#authentication-providers[Pulsar security] documentation.
By default, Pulsar clients communicate with Pulsar services in plain text.
5
+
The following section describes how to configure Pulsar clients to use TLS encryption (SSL).
6
+
A pre-requisite is that the Broker has also been configured to use TLS encryption.
7
+
8
+
The Spring Boot auto-configuration does not currently support any TLS/SSL configuration properties.
9
+
You can instead provide a `PulsarClientBuilderCustomizer` that sets the necessary properties on the Pulsar client builder.
10
+
Pulsar supports both Privacy Enhanced Mail (PEM) and Java KeyStore (JKS) certificate formats.
11
+
12
+
Follow these steps to configure TLS:
13
+
14
+
1. Adjust the Pulsar client service url to use the `pulsar+ssl://` scheme and TLS port (typically `6651`).
15
+
2. Adjust the admin client service url to use the `https://` scheme and TLS web port (typically `8443`).
16
+
3. Provide client builder customizer(s) that sets the relevant properties on the builder.
17
+
- {github}/blob/02730275e8d0291525eed9db5babe880c555a7bd/integration-tests/src/intTest/java/org/springframework/pulsar/inttest/app/SamplePemBasedSslConfig.java#L30-L49[PEM based sample]
18
+
- {github}/blob/02730275e8d0291525eed9db5babe880c555a7bd/integration-tests/src/intTest/java/org/springframework/pulsar/inttest/app/SampleJksBasedSslConfig.java#L30-L57[JKS based sample]
19
+
20
+
You can find more information on the above in the official {apache-pulsar-docs}/security-tls-transport/[Pulsar TLS Encryption] documentation.
0 commit comments