Interface AuthenticationProvider
- All Superinterfaces:
AutoCloseable
,Closeable
- All Known Implementing Classes:
AuthenticationProviderBasic
,AuthenticationProviderList
,AuthenticationProviderTls
,AuthenticationProviderToken
-
Method Summary
Modifier and TypeMethodDescriptiondefault String
authenticate
(AuthenticationDataSource authData) Deprecated.default CompletableFuture<String>
authenticateAsync
(AuthenticationDataSource authData) Validate the authentication for the given credentials with the specified authentication data.default boolean
authenticateHttpRequest
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Deprecated.use and implementauthenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
instead.default CompletableFuture<Boolean>
authenticateHttpRequestAsync
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Validate the authentication for the given credentials with the specified authentication data.default void
incrementFailureMetric
(Enum<?> errorCode) void
initialize
(ServiceConfiguration config) Perform initialization for the authentication provider.default AuthenticationState
newAuthState
(org.apache.pulsar.common.api.AuthData authData, SocketAddress remoteAddress, SSLSession sslSession) Create an authentication data State use passed in AuthenticationDataSource.default AuthenticationState
newHttpAuthState
(javax.servlet.http.HttpServletRequest request) Deprecated.implementations that previously relied on this should update their implementation ofauthenticateHttpRequest(HttpServletRequest, HttpServletResponse)
or ofauthenticateHttpRequestAsync(HttpServletRequest, HttpServletResponse)
so that the desired attributes are added in those methods.
-
Method Details
-
initialize
Perform initialization for the authentication provider.- Parameters:
config
- broker config object- Throws:
IOException
- if the initialization fails
-
getAuthMethodName
String getAuthMethodName()- Returns:
- the authentication method name supported by this provider
-
authenticateAsync
Validate the authentication for the given credentials with the specified authentication data. This method is useful in one stage authentication, if you're not doing one stage or if you're providing your own state implementation for one stage authentication, it should return a failed future.Warning: the calling thread is an IO thread. Any implementation that relies on blocking behavior must ensure that the execution is completed using a separate thread pool to ensure IO threads are never blocked.
- Parameters:
authData
- authentication data generated while initiating a connection. There are several types, including, but not strictly limited to,AuthenticationDataHttp
,AuthenticationDataHttps
, andAuthenticationDataCommand
.- Returns:
- A completed future with the "role" string for the authenticated connection, if authentication is successful, or a failed future if the authData is not valid.
-
authenticate
@Deprecated default String authenticate(AuthenticationDataSource authData) throws AuthenticationException Deprecated.use and implementauthenticateAsync(AuthenticationDataSource)
instead.Validate the authentication for the given credentials with the specified authentication data. This method is useful in one stage authn, if you're not doing one stage or if you're providing your own state implementation for one stage authn, it should throw an exception.- Parameters:
authData
- provider specific authentication data- Returns:
- the "role" string for the authenticated connection, if the authentication was successful
- Throws:
AuthenticationException
- if the credentials are not valid
-
newAuthState
default AuthenticationState newAuthState(org.apache.pulsar.common.api.AuthData authData, SocketAddress remoteAddress, SSLSession sslSession) throws AuthenticationException Create an authentication data State use passed in AuthenticationDataSource.- Throws:
AuthenticationException
-
newHttpAuthState
@Deprecated(since="3.0.0") default AuthenticationState newHttpAuthState(javax.servlet.http.HttpServletRequest request) throws AuthenticationException Deprecated.implementations that previously relied on this should update their implementation ofauthenticateHttpRequest(HttpServletRequest, HttpServletResponse)
or ofauthenticateHttpRequestAsync(HttpServletRequest, HttpServletResponse)
so that the desired attributes are added in those methods.Note: this method was only ever used to generate an
AuthenticationState
object in order to generate anAuthenticationDataSource
that was added as theAuthenticatedDataAttributeName
attribute to the http request. Removing this method removes an unnecessary step in the authentication flow.Create an http authentication data State use passed in AuthenticationDataSource.- Throws:
AuthenticationException
-
authenticateHttpRequestAsync
default CompletableFuture<Boolean> authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Validate the authentication for the given credentials with the specified authentication data.Implementations of this method MUST modify the request by adding the
AuthenticatedRoleAttributeName
and theAuthenticatedDataAttributeName
attributes.Warning: the calling thread is an IO thread. Any implementations that rely on blocking behavior must ensure that the execution is completed on using a separate thread pool to ensure IO threads are never blocked.
- Returns:
- Set response, according to passed in request, and return whether we should do following chain.doFilter.
- Throws:
Exception
- when authentication failed and return whether we should do following chain.doFilter or not.
-
incrementFailureMetric
-
authenticateHttpRequest
@Deprecated default boolean authenticateHttpRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Exception Deprecated.use and implementauthenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
instead.Set response, according to passed in request. and return whether we should do following chain.doFilter or not.Implementations of this method MUST modify the request by adding the
AuthenticatedRoleAttributeName
and theAuthenticatedDataAttributeName
attributes.- Returns:
- Set response, according to passed in request, and return whether we should do following chain.doFilter.
- Throws:
Exception
- when authentication failed
-
authenticateAsync(AuthenticationDataSource)
instead.