Re: [PR] KAFKA-18627: Deprecated "org.apache.kafka.disallowed.login.modules" [kafka]

via GitHub Sun, 15 Jun 2025 09:09:29 -0700


chia7712 commented on code in PR #18683:
URL: https://github.com/apache/kafka/pull/18683#discussion_r2148392691



##########
clients/src/test/java/org/apache/kafka/common/security/JaasContextTest.java:
##########
@@ -252,6 +252,30 @@ public void testDisallowedLoginModulesSystemProperty() 
throws Exception {
         checkEntry(context.configurationEntries().get(0), 
"com.sun.security.auth.module.LdapLoginModule",
                 LoginModuleControlFlag.REQUISITE, Collections.emptyMap());
     }
+    
+    @Test
+     void testAllowedLoginModulesSystemProperty() {
+
+        //  default
+        String jaasConfigProp1 = "com.ibm.security.auth.module.LdapLoginModule 
required;";
+        assertDoesNotThrow(() ->  configurationEntry(JaasContext.Type.CLIENT, 
jaasConfigProp1));

Review Comment:
   we don't need to wrap it by `assertDoesNotThrow`



##########
clients/src/test/java/org/apache/kafka/common/security/JaasContextTest.java:
##########
@@ -252,6 +252,30 @@ public void testDisallowedLoginModulesSystemProperty() 
throws Exception {
         checkEntry(context.configurationEntries().get(0), 
"com.sun.security.auth.module.LdapLoginModule",
                 LoginModuleControlFlag.REQUISITE, Collections.emptyMap());
     }
+    
+    @Test
+     void testAllowedLoginModulesSystemProperty() {
+
+        //  default
+        String jaasConfigProp1 = "com.ibm.security.auth.module.LdapLoginModule 
required;";
+        assertDoesNotThrow(() ->  configurationEntry(JaasContext.Type.CLIENT, 
jaasConfigProp1));
+
+        String jaasConfigProp2 = "com.sun.security.auth.module.JndiLoginModule 
required;";
+        //  set allow dont' set not allow
+        System.setProperty(JaasUtils.ALLOWED_LOGIN_MODULES_CONFIG, 
"com.ibm.security.auth.module.LdapLoginModule");
+        assertDoesNotThrow(() ->  configurationEntry(JaasContext.Type.CLIENT, 
jaasConfigProp1));
+        assertThrows(IllegalArgumentException.class, () ->  
configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp2));

Review Comment:
   Please check the error message



##########
clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java:
##########
@@ -16,9 +16,12 @@
  */
 package org.apache.kafka.common.security;
 
+
 public final class JaasUtils {
     public static final String JAVA_LOGIN_CONFIG_PARAM = 
"java.security.auth.login.config";
+    @Deprecated
     public static final String DISALLOWED_LOGIN_MODULES_CONFIG = 
"org.apache.kafka.disallowed.login.modules";
+    public static final String ALLOWED_LOGIN_MODULES_CONFIG = 
"org.apache.kafka.allowed.login.modules";
     public static final String DISALLOWED_LOGIN_MODULES_DEFAULT =

Review Comment:
   please add `@Deprecated` to it



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] KAFKA-18627: Deprecated "org.apache.kafka.disallowed.login.modules" [kafka]

Reply via email to