5 Replies Latest reply on Jul 19, 2019 2:37 AM by jaikiran

    Wildfly 16 breaks Kafka Authentication

    sabartius

      Hi,

      after Upgrading from Wildfly 15 to Wildfly 16 we are unable to use a Kafka Client, because the Login Context cannot find the Loginmodule anymore.

      It seems as if there is something missing in the Wildfly-Security, which was present before.

       

      To reproduce create a Kafka-Consumer with Authentication using following Configuration:

       

      security.protocol = "SASL_SSL"

      sasl.mechanism = "SCRAM-SHA-512"

      sasl.jaas.config = "org.apache.kafka.common.security.scram.ScramLoginModule required username="myUser" password="myPwd";"

       

       

      2019-04-17T16:51:31.987+02:00 wildfly14:51:31,985 ERROR [org.jboss.as.ee] (EE-ManagedScheduledExecutorService-default-Thread-1) WFLYEE0110: Failed to run scheduled task: org.apache.kafka.common.KafkaException: Failed to construct kafka consumer

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:811)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:659)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:639)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//de.sabartius.repro.KafkaProducer.kafkaConsumer(KafkaProducer.java:27)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.lang.reflect.Method.invoke(Method.java:566)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.injection.producer.ProducerMethodProducer.produce(ProducerMethodProducer.java:103)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.injection.producer.AbstractMemberProducer.produce(AbstractMemberProducer.java:161)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:180)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.clients.consumer.AutoCloseable$Closeable$Consumer$2140932015$Proxy$_$$_WeldClientProxy.poll(Unknown Source)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//de.sabartius.repro.KafkaNachrichtenEingangImpl.poll(KafkaNachrichtenEingangImpl.java:26)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.lang.reflect.Method.invoke(Method.java:566)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.weld.core@3.1.0.Final//org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//de.sabartius.repro.KafkaNachrichtenEingang$2004750651$Proxy$_$$_WeldClientProxy.poll(Unknown Source)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.as.ee@16.0.0.Final//org.jboss.as.ee.concurrent.ControlPointUtils$ControlledScheduledRunnable.run(ControlPointUtils.java:158)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.glassfish.javax.enterprise.concurrent//org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.access$201(ManagedScheduledThreadPoolExecutor.java:383)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.glassfish.javax.enterprise.concurrent//org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.run(ManagedScheduledThreadPoolExecutor.java:534)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.lang.Thread.run(Thread.java:834)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.glassfish.javax.enterprise.concurrent//org.glassfish.enterprise.concurrent.ManagedThreadFactoryImpl$ManagedThread.run(ManagedThreadFactoryImpl.java:250)

      2019-04-17T16:51:31.987+02:00 wildfly    at org.jboss.as.ee@16.0.0.Final//org.jboss.as.ee.concurrent.service.ElytronManagedThreadFactory$ElytronManagedThread.run(ElytronManagedThreadFactory.java:85)

      2019-04-17T16:51:31.987+02:00 wildflyCaused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: No LoginModule found for org.apache.kafka.common.security.scram.ScramLoginModule

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:160)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:67)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:112)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:726)

      2019-04-17T16:51:31.987+02:00 wildfly    ... 37 more

      2019-04-17T16:51:31.987+02:00 wildflyCaused by: javax.security.auth.login.LoginException: No LoginModule found for org.apache.kafka.common.security.scram.ScramLoginModule

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:710)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/java.security.AccessController.doPrivileged(Native Method)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)

      2019-04-17T16:51:31.987+02:00 wildfly    at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:61)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:104)

      2019-04-17T16:51:31.987+02:00 wildfly    at deployment.repro.war//org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:149)

      2019-04-17T16:51:31.987+02:00 wildfly    ... 41 more

        • 1. Re: Wildfly 16 breaks Kafka Authentication
          jaikiran

          Where is the jar containing the org.apache.kafka.common.security.scram.ScramLoginModule class located within your deployment?

          • 2. Re: Wildfly 16 breaks Kafka Authentication
            jaikiran

            Furthermore, is this a servlet or some other type of component trying to instantiate the Kafka consumer?

            • 3. Re: Wildfly 16 breaks Kafka Authentication
              sabartius

              jaikiran  schrieb:

               

              Where is the jar containing the org.apache.kafka.common.security.scram.ScramLoginModule class located within your deployment?

              The jar is a maven compile Dependency of the deployed war-File.

               

              jaikiran  schrieb:

               

              Furthermore, is this a servlet or some other type of component trying to instantiate the Kafka consumer?

               

              The Kafka-Consumer is instantiated by an ApplicationScoped CDI-Bean polling regulary the Kafka-Queue.

              • 4. Re: Wildfly 16 breaks Kafka Authentication
                miguelbaldi

                Seems to be a issue with Wildfly module ClassLoader.

                I was able to get around using this ugly trick:

                 

                Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
                new KafkaProducer<>(props, new StringSerializer(), new StringSerializer());

                 

                I had to change ContextClassLoader right before the KafkaProducer instantiation!

                 

                Best of luck to you

                • 5. Re: Wildfly 16 breaks Kafka Authentication
                  jaikiran

                  miguelbaldi  wrote:

                   

                  Seems to be a issue with Wildfly module ClassLoader.

                  I was able to get around using this ugly trick:

                   

                  Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());

                  new KafkaProducer<>(props, new StringSerializer(), new StringSerializer());

                   

                  What class is this, where you added this code? Some servlet or something else? Can you also paste the complete exception stacktrace which happens when you don't set the context classloader? I understand the first post in this trhead has a stacktrace, but I want to be sure we are talking about the exact same use case.