Interface AuthenticationProvider

All Superinterfaces:
AutoCloseable, Closeable
All Known Implementing Classes:
AuthenticationProviderBasic, AuthenticationProviderList, AuthenticationProviderTls, AuthenticationProviderToken

public interface AuthenticationProvider extends Closeable
Provider of an authentication mechanism.
  • Method Details

    • initialize

      void initialize(ServiceConfiguration config) throws IOException
      Perform initialization for the authentication provider.
      Parameters:
      config - broker config object
      Throws:
      IOException - if the initialization fails
    • getAuthMethodName

      String getAuthMethodName()
      Returns:
      the authentication method name supported by this provider
    • authenticateAsync

      default CompletableFuture<String> authenticateAsync(AuthenticationDataSource authData)
      Validate the authentication for the given credentials with the specified authentication data. This method is useful in one-stage authentication. If you are not doing one-stage authentication, or if you are providing your own state implementation for one-stage authentication, it should return a failed future.

      Warning: the calling thread is an IO thread. Any implementation that relies on blocking behavior must ensure that the execution is completed using a separate thread pool to ensure IO threads are never blocked.

      Parameters:
      authData - authentication data generated while initiating a connection. There are several types, including, but not strictly limited to, AuthenticationDataHttp, AuthenticationDataHttps, and AuthenticationDataCommand.
      Returns:
      A completed future with the "role" string for the authenticated connection, if authentication is successful, or a failed future if the authData is not valid.
    • authenticate

      @Deprecated default String authenticate(AuthenticationDataSource authData) throws AuthenticationException
      Deprecated.
      Validate the authentication for the given credentials with the specified authentication data. This method is useful in one-stage authentication. If you are not doing one-stage authentication, or if you are providing your own state implementation for one-stage authentication, it should throw an exception.
      Parameters:
      authData - provider specific authentication data
      Returns:
      the "role" string for the authenticated connection, if the authentication was successful
      Throws:
      AuthenticationException - if the credentials are not valid
    • newAuthState

      default AuthenticationState newAuthState(org.apache.pulsar.common.api.AuthData authData, SocketAddress remoteAddress, SSLSession sslSession) throws AuthenticationException
      Create an authentication data State using the passed-in AuthenticationDataSource.
      Throws:
      AuthenticationException
    • newHttpAuthState

      @Deprecated(since="3.0.0") default AuthenticationState newHttpAuthState(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
      Deprecated.
      Implementations that previously relied on this should update their implementation of authenticateHttpRequest(HttpServletRequest, HttpServletResponse) or of authenticateHttpRequestAsync(HttpServletRequest, HttpServletResponse) so that the desired attributes are added in those methods.

      Note: this method was only ever used to generate an AuthenticationState object in order to generate an AuthenticationDataSource that was added as the AuthenticatedDataAttributeName attribute to the http request. Removing this method removes an unnecessary step in the authentication flow.

      Create an HTTP authentication data State using the passed-in AuthenticationDataSource.
      Throws:
      AuthenticationException
    • authenticateHttpRequestAsync

      default CompletableFuture<Boolean> authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Validate the authentication for the given credentials with the specified authentication data.

      Implementations of this method MUST modify the request by adding the AuthenticatedRoleAttributeName and the AuthenticatedDataAttributeName attributes.

      Warning: the calling thread is an IO thread. Any implementations that rely on blocking behavior must ensure that the execution is completed using a separate thread pool to ensure IO threads are never blocked.

      Returns:
      Sets the response according to the passed-in request, and returns whether the following chain.doFilter should be executed.
      Throws:
      Exception - when authentication failed, and returns whether the following chain.doFilter should be executed or not.
    • incrementFailureMetric

      default void incrementFailureMetric(Enum<?> errorCode)
    • authenticateHttpRequest

      @Deprecated default boolean authenticateHttpRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Exception
      Set the response according to the passed-in request, and return whether the following chain.doFilter should be executed or not.

      Implementations of this method MUST modify the request by adding the AuthenticatedRoleAttributeName and the AuthenticatedDataAttributeName attributes.

      Returns:
      Sets the response according to the passed-in request, and returns whether the following chain.doFilter should be executed.
      Throws:
      Exception - when authentication failed
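
As an added example (not code from the Pulsar project), a minimal provider that follows the contracts of authenticateAsync and authenticateHttpRequestAsync described above: the credential check runs on its own thread pool, invalid data yields a failed future, and the HTTP path sets both request attributes. The class name, the method name "example", the use of the raw Authorization header as the credential, the pool size and the ROLES map are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.*;
import javax.naming.AuthenticationException;
import javax.servlet.http.*;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.*;
import org.apache.pulsar.broker.web.AuthenticationFilter;

// Hypothetical provider: class name, method name "example" and ROLES are assumptions.
public class ExampleAuthenticationProvider implements AuthenticationProvider {
    // Constructed sample data standing in for a blocking backend (database, LDAP, ...).
    private static final Map<String, String> ROLES = Map.of("constructed-credential", "example-role");
    // Dedicated pool: blocking validation must never run on the calling IO thread.
    private ExecutorService validationPool;

    @Override public void initialize(ServiceConfiguration config) throws IOException {
        validationPool = Executors.newFixedThreadPool(4);
    }

    @Override public String getAuthMethodName() { return "example"; }

    @Override public CompletableFuture<String> authenticateAsync(AuthenticationDataSource authData) {
        String credential = authData.hasDataFromCommand() ? authData.getCommandData()
                : authData.hasDataFromHttp() ? authData.getHttpHeader("Authorization") : null;
        CompletableFuture<String> role = new CompletableFuture<>();
        validationPool.execute(() -> {   // hand off; the IO thread returns immediately
            String found = credential == null ? null : ROLES.get(credential);
            if (found != null) {
                role.complete(found);
            } else {   // invalid authData -> failed future, never a null or default role
                role.completeExceptionally(new AuthenticationException("Invalid credentials"));
            }
        });
        return role;
    }

    @Override public CompletableFuture<Boolean> authenticateHttpRequestAsync(
            HttpServletRequest request, HttpServletResponse response) {
        AuthenticationDataSource authData = new AuthenticationDataHttp(request);
        return authenticateAsync(authData).thenApply(authenticatedRole -> {
            // Both attributes are required by the interface contract above.
            request.setAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName, authenticatedRole);
            request.setAttribute(AuthenticationFilter.AuthenticatedDataAttributeName, authData);
            return true;   // continue with chain.doFilter
        });
    }

    @Override public void close() throws IOException { validationPool.shutdownNow(); }
}
```

On the HTTP path a rejected credential surfaces as a failed future, so the attributes are only ever set for an authenticated role.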