public class EnhancedOAuthBearerValidatorCallbackHandler extends Object implements org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
A CallbackHandler that recognizes OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback.
It validates a secured OAuth 2 bearer token issued by Confluent or an external OIDC provider, together with the SASL extensions
that specify the logical cluster the token is meant for and the identity pool ID to assume if the token comes from an
external OIDC provider.
It verifies the signature of the JWT token using a public key that it retrieves from the KeyResolver provided by JwtAuthenticator.
This class must be explicitly set via the
listener.name.<listenerName>.oauthbearer.sasl.server.callback.handler.class
broker configuration property.
| Constructor and Description |
|---|
| EnhancedOAuthBearerValidatorCallbackHandler() |
| Modifier and Type | Method and Description |
|---|---|
| protected boolean | checkSniHostNameMatched(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback callback, String logicalClusterId, String sniHostName, SniValidationMode sniValidationMode) |
| void | close() |
| void | configure(Map<String,?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries) |
| void | handle(Callback[] callbacks) |
public EnhancedOAuthBearerValidatorCallbackHandler()

public void configure(Map<String,?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries)
Specified by: configure in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

public void handle(Callback[] callbacks) throws UnsupportedCallbackException
Specified by: handle in interface CallbackHandler
Throws: UnsupportedCallbackException

public void close()
Specified by: close in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

protected boolean checkSniHostNameMatched(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback callback,
String logicalClusterId,
String sniHostName,
SniValidationMode sniValidationMode)