Interface AuthenticationState
- All Known Implementing Classes:
OneStageAuthenticationState
Pulsar integrates with this class in the following order:
1. Initialize the class by calling AuthenticationProvider.newAuthState(AuthData, SocketAddress, SSLSession)
2. Call authenticate(AuthData)
. If result is not null, send to client. And call
authenticate(AuthData)
with the client's response. Repeat until result of authenticate(AuthData)
is null or an exception.
3. Call getAuthRole()
and getAuthDataSource()
to use for authentication. It is expected that these
responses update with each call to authenticate(AuthData)
.
4. Poll isExpired()
until it returns true.
5. Call refreshAuthentication()
and GoTo step 2 when client responds.
-
Method Summary
Modifier and TypeMethodDescriptionorg.apache.pulsar.common.api.AuthData
authenticate
(org.apache.pulsar.common.api.AuthData authData) Deprecated.default CompletableFuture<org.apache.pulsar.common.api.AuthData>
authenticateAsync
(org.apache.pulsar.common.api.AuthData authData) Challenge passed in auth data.Return AuthenticationDataSource.After the authentication between client and broker completed, get authentication role represent for the client.default long
Get AuthenticationState ID.boolean
Deprecated.this method's logic is captured by the result ofauthenticateAsync(AuthData)
.default boolean
If the authentication state is expired, it will force the connection to be re-authenticated.default org.apache.pulsar.common.api.AuthData
If the authentication state supports refreshing and the credentials are expired, the auth provider will call this method to initiate the refresh process.
-
Method Details
-
getAuthRole
After the authentication between client and broker completed, get authentication role represent for the client. It should throw exception if auth not complete.- Throws:
AuthenticationException
-
authenticate
@Deprecated org.apache.pulsar.common.api.AuthData authenticate(org.apache.pulsar.common.api.AuthData authData) throws AuthenticationException Deprecated.use and implementauthenticateAsync(AuthData)
instead.Challenge passed in auth data and get response data.- Throws:
AuthenticationException
-
authenticateAsync
default CompletableFuture<org.apache.pulsar.common.api.AuthData> authenticateAsync(org.apache.pulsar.common.api.AuthData authData) Challenge passed in auth data. If authentication is complete after the execution of this method, return null. Otherwise, return response data to be sent to the client.Note: the implementation of
authenticate(AuthData)
converted a null result into a zero length byte array whenisComplete()
returned false after authentication. In order to simplify this interface, the determination of whether to send a challenge back to the client is only based on the result of this method. In order to maintain backwards compatibility, the default implementation of this method callsisComplete()
and returns a result compliant with the new paradigm. -
getAuthDataSource
AuthenticationDataSource getAuthDataSource()Return AuthenticationDataSource. -
isComplete
Deprecated.this method's logic is captured by the result ofauthenticateAsync(AuthData)
. When the result is aCompletableFuture
with a null result, authentication is complete. When the result is aCompletableFuture
with a nonnull result, authentication is incomplete and requires an auth challenge.Whether the authentication is completed or not. -
getStateId
default long getStateId()Get AuthenticationState ID. -
isExpired
default boolean isExpired()If the authentication state is expired, it will force the connection to be re-authenticated. -
refreshAuthentication
default org.apache.pulsar.common.api.AuthData refreshAuthentication() throws AuthenticationExceptionIf the authentication state supports refreshing and the credentials are expired, the auth provider will call this method to initiate the refresh process.The auth state here will return the broker side data that will be used to send a challenge to the client.
- Returns:
- the
AuthData
for the broker challenge to client - Throws:
AuthenticationException
-
authenticateAsync(AuthData)
instead.