Is there an alternative to set java.security.auth.login.config?

[houshengbo]

I know it seems to be necessary to set the property "java.security.auth.login.config" to the path of the jaas.conf, in order to authenticate with the message hub service, based on the Java code example. However, is there an alternative way to set the credentials in the java without loading the credentials from the jaas.conf file? I have already got all the credentials for the message hub service. I am wondering if there is another way to load the credentials. Thank you.

[edoardocomar]

Hi @houshengbo , you should be able to specify the security configuration programmatically, instead of declaratively. You could try setting the system property to something (because the Kafka codes checks it’s set) but at the start of your application create an instance of javax.security.auth.login.Configuration and set it to the JVM using javax.security.auth.login.Configuration.setConfiguration(Configuration)

I could not find any examples, but this approach is taken in a proposed KIP for Kafka where the Configuration object is read from the client properties rather than from a file on the file system.

see https://github.com/apache/kafka/pull/1979/commits

[edoardocomar]

closing as it's not an issue with the samples but a Java security question

[edoardocomar]

Alternatively, you can avoid bundling your application with a jaas.conf, and pass username/password via CLI arguments or environment variables. Your app will simply generate at runtime in the temp directory a file (with the expected content!) and programmatically set the system property java.security.auth.login.config to that temp file.