kPow.IO
kPow.IO
The Ultimate Engineering Toolkit for Apache Kafka®
kPow User Guide
About
Introduction
Our Team
Trials and Licenses
Releases
Support
Data Collection
Installation
Quick Start
System Requirements
Deployment Notes
Minimum ACL Permissions
Application Logs
OpenShift
AWS Marketplace
Troubleshooting
Configuration
Environment Variable Glossary
Kafka Cluster
Schema Registry
Kafka Connect
Multi-Cluster Management
Azure Event Hubs
Confluent Cloud
Redpanda
User Authentication
Overview
LdapLoginModule
PropertyFileLoginModule
JDBCLoginModule
OpenID/OAuth 2.0
SAML
User Authorization
Overview
Simple Access Control
Role Based Access Control
Tenants
Administration
Features
Kafka Streams
Data Governance (Audit Log)
Data Policies
HTTPS Connections
Live Mode
Data Inspect
Prometheus Integration
Slack Integration
Kafka Management
Topics
Groups
Brokers
ACLs
Connect
Schema Registry
Powered by GitBook

JDBCLoginModule

Authenticate Users with Jetty JAAS JDBCLoginModule

Configure kPow to read authentication and role information from a database via JDBC.

In Depth: For specifics on JAAS / JSBC configuration see the Jetty JDBCLoginModule docs.

Form or Basic Authentication?

kPow supports both form-based and basic authentication.

Form authentication is the default. To basic authentication, set the environment variable:

JETTY_AUTH_METHOD=basic

Configuration

To enable LdapLoginModule authentication you must:

  • Create a JAAS configuration file

  • Set the AUTH_PROVIDER_TYPE=jetty environment variable.

  • Start the JAR or Docker container with -Djava.security.auth.login.config=/path/to/jaas.conf

JAAS Configuration

Create a JAAS JDBC configuration file (the kpow realm is very important).

kpow {
      org.eclipse.jetty.jaas.spi.JDBCLoginModule required
      dbUrl="jdbc:hsqldb:."
      dbUserName="sa"
      dbDriver="org.hsqldb.jdbcDriver"
      userTable="myusers"
      userField="myuser"
      credentialField="mypassword"
      userRoleTable="myuserroles"
      userRoleUserField="myuser"
      userRoleRoleField="myrole";
      };

Environment Configuration

To activate Jetty JAAS authentication set the environment variable AUTH_PROVIDER_TYPE=jetty

JAR Startup

Specify the JAAS config file by setting the following system property when starting the JAR:

-Djava.security.auth.login.config=/path/to/jaas.conf

Note: System properties must come after java but before -jar.

AUTH_PROVIDER_TYPE=jetty \
<... more env vars ...> \
java -Djava.security.auth.login.config=/opt/kpow/jaas.conf -jar /opt/kpow/latest.jar

Docker Container Startup

Note: The JVM provides an environment variable called JAVA_TOOL_OPTIONS that can be used in place of system properties. We use this the thread the JAAS config to Docker.

Set the env var JAVA_TOOL_OPTIONS=-Djava.security.auth.login.config=/path/to/jaas.conf

Note: When your JAAS config is on the host machine and not within the container you will need to configure a docker volume mount so that kPow can read that configuration:

docker run --volume="/config/path:/config/path/" -p 3000:3000 --env-file ...

When starting the docker container you will see logging output similar to:

Picked up JAVA_TOOL_OPTIONS: -Djava.security.auth.login.config=/path/to/jaas.conf

User Experience

When configured your users will be prompted to authenticate on each new browser session.

User Authentication - Previous
PropertyFileLoginModule
Next - User Authentication
OpenID/OAuth 2.0
Last updated 8 months ago
Contents
Form or Basic Authentication?
Configuration
JAAS Configuration
Environment Configuration
JAR Startup
Docker Container Startup
User Experience