java集成华为云kafka组件认证鉴权

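华为云kafka组件我遇到的有两种类型,一个是roma,一个是mrs。两者鉴权方式虽然都是sasl,但是机制和协议不一样:roma的机制是PLAIN、协议是PLAINTEXT,mrs的机制是GSSAPI、协议为SASL_PLAINTEXT。需要注意,PLAINTEXT和SASL_PLAINTEXT都不对传输做加密,PLAIN机制下用户名和密码会以明文在网络上传输;如果服务端提供SASL_SSL接入,应优先使用。另外,标准Kafka客户端在security.protocol为PLAINTEXT时不会进行SASL认证,建议确认roma侧实际生效的协议。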

1、roma/kafka

1.1新增配置

kafka.sasl.mechanism: PLAIN

kafka.security.protocol: PLAINTEXT


2、mrs/kafka

2.1新增依赖

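<!-- Vendor-patched kafka-clients build (note the -hw-ei suffix in the version).
     NOTE(review): presumably not published on Maven Central; resolve it only from
     the vendor repository your organisation trusts and keep the version pinned. -->
<dependency>
    <groupId>org.apache.kafka</groupId>
    <artifactId>kafka-clients</artifactId>
    <version>2.4.0-hw-ei-302002</version>
</dependency>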

2.2新增配置

kafka.sasl.mechanism: GSSAPI

security.protocol: SASL_PLAINTEXT

kerberos.domain.name: hadoop.xxxxxxxxx.com

sasl.kerberos.service.name: kafka

2.3增加配置类

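/**
 * Spring configuration bean that triggers the Kerberos preparation for the MRS Kafka
 * client once, when the bean is initialised.
 */
@Configuration
public class kafkaConfig{

    // Kerberos principal the client logs in as (passed on as the JAAS principal).
    private String username = "test";

    // Location of the Kerberos client configuration (krb5.conf).
    private String krb5File = "/krb5.conf";

    // Location of the keytab. A keytab is a long-lived credential equivalent to the
    // account password: keep it out of source control and out of the application
    // archive, and make it readable only by the account that runs this service.
    // NOTE(review): these three values are hard-coded; externalise them through the
    // application's configuration so they can differ per environment.
    private String userKeytabFile = "/rmc.keytab";

    /**
     * Hands the principal, krb5.conf path and keytab path to
     * {@code KafkaSecurityPrepare.kerbrosLogin}.
     */
    @PostConstruct
    public void init(){
        // The helper is declared as kerbrosLogin; calling it under any other spelling
        // does not compile.
        KafkaSecurityPrepare.kerbrosLogin(username, krb5File, userKeytabFile);
    }

}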

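/**
 * Prepares the JVM-wide Kerberos settings that the Kafka client relies on.
 */
public class KafkaSecurityPrepare{

    /**
     * Registers the krb5.conf, the ZooKeeper server principal and the JAAS login
     * configuration by delegating to {@code KafkaConfigUtil}.
     *
     * @param username       Kerberos principal written into the JAAS configuration
     * @param krb5File       path of the krb5.conf file
     * @param userKeytabFile path of the keytab that belongs to {@code username}
     */
    public static void kerbrosLogin(String username,String krb5File,String userKeytabFile){
        // The helper class in this article is named KafkaConfigUtil.
        KafkaConfigUtil.setKrb5Config(krb5File);

        // NOTE(review): setZookeeperServerPrincipal is not shown in this article and has
        // to be supplied; presumably it sets the zookeeper.server.principal system
        // property. The host part of the principal must match the cluster's Kerberos
        // domain (compare the kerberos.domain.name setting), so confirm this literal.
        KafkaConfigUtil.setZookeeperServerPrincipal("zookeeper/hadoop.hadoop.com");

        // Pass the keytab parameter through; no variable named "keytab" exists here.
        KafkaConfigUtil.setJaasFile(username, userKeytabFile);
    }

}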

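/**
 * Helpers that wire Kerberos settings into the JVM: the krb5.conf location and a
 * generated JAAS login configuration.
 */
public class KafkaConfigUtil{

    /**
     * Registers the krb5.conf to use by setting {@code java.security.krb5.conf}.
     *
     * @param krb5ConfigFile path of the krb5.conf file
     */
    public static void setKrb5Config(String krb5ConfigFile){
        System.setProperty("java.security.krb5.conf", krb5ConfigFile);
    }

    /**
     * Generates a JAAS login configuration with one entry per {@code Module} value,
     * writes it to {@code <java.io.tmpdir>/<user.name>.jaas.conf} and registers it
     * through {@code java.security.auth.login.config}.
     *
     * @param principal  Kerberos principal to log in as
     * @param keytabPath path of the keytab holding that principal's key
     * @throws java.io.UncheckedIOException if the file cannot be replaced or written
     */
    public static void setJaasFile(String principal,String keytabPath){
        String jaasPath = new File(System.getProperty("java.io.tmpdir")) + File.separator
                + System.getProperty("user.name") + ".jaas.conf";

        StringBuilder builder = new StringBuilder();
        for(Module module : Module.values()){
            builder.append(getModuleContext(principal, keytabPath, module));
        }

        java.nio.file.Path jaasFile = java.nio.file.Paths.get(jaasPath);
        try{
            // The name is predictable and the temp directory is usually shared, so
            // drop any existing file and insist on creating a new one: CREATE_NEW
            // fails instead of writing into something another local user put there.
            java.nio.file.Files.deleteIfExists(jaasFile);
            try(java.io.Writer writer = java.nio.file.Files.newBufferedWriter(
                    jaasFile,
                    java.nio.charset.StandardCharsets.UTF_8,
                    java.nio.file.StandardOpenOption.CREATE_NEW,
                    java.nio.file.StandardOpenOption.WRITE)){
                writer.write(builder.toString());
            }
        }catch(java.io.IOException e){
            throw new java.io.UncheckedIOException("Cannot write JAAS configuration " + jaasPath, e);
        }

        // Without this property the JVM never reads the generated file.
        System.setProperty("java.security.auth.login.config", jaasPath);
    }

    /**
     * Renders one JAAS entry for the given module, using the IBM or the Sun/Oracle
     * Krb5LoginModule depending on the {@code java.vendor} system property.
     *
     * @param principal  Kerberos principal to log in as
     * @param keytabPath path of the keytab
     * @param module     supplies the entry name through {@code getName()}
     * @return the text of the entry, terminated by a line separator
     */
    private static String getModuleContext(String principal,String keytabPath,Module module){
        StringBuilder builder = new StringBuilder();
        String line = System.getProperty("line.separator");

        // NOTE(review): both branches set debug=true, which makes the login module
        // print Kerberos diagnostics; switch it off outside troubleshooting.
        if(System.getProperty("java.vendor").contains("IBM")){
            builder.append(module.getName()).append(" {").append(line);
            builder.append("com.ibm.security.auth.module.Krb5LoginModule required").append(line);
            builder.append("credsType=both").append(line);
            builder.append("principal= \"" + principal + "\"").append(line);
            // The IBM module names this option useKeytab.
            builder.append("useKeytab= \"" + keytabPath + "\"").append(line);
            builder.append("debug= true;").append(line);
            builder.append("};").append(line);
        }else{
            builder.append(module.getName()).append(" {").append(line);
            builder.append("com.sun.security.auth.module.Krb5LoginModule required").append(line);
            // Option names of the Sun module are useKeyTab, keyTab and useTicketCache;
            // a misspelled name leaves the option at its default.
            builder.append("useKeyTab=true").append(line);
            builder.append("principal= \"" + principal + "\"").append(line);
            builder.append("keyTab= \"" + keytabPath + "\"").append(line);
            builder.append("useTicketCache=false").append(line);
            builder.append("storeKey=true").append(line);
            builder.append("debug= true;").append(line);
            builder.append("};").append(line);
        }

        return builder.toString();
    }

}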
