org.apache.pulsar.broker.authentication

Interface AuthenticationProvider

All Superinterfaces:

AutoCloseable, Closeable

All Known Implementing Classes:

AuthenticationProviderBasic, AuthenticationProviderList, AuthenticationProviderTls, AuthenticationProviderToken

public interface AuthenticationProvider
extends Closeable

Provider of authentication mechanism.

Method Summary

Modifier and Type	Method and Description
default String	authenticate(AuthenticationDataSource authData) Deprecated. use and implement authenticateAsync(AuthenticationDataSource) instead.
default CompletableFuture<String>	authenticateAsync(AuthenticationDataSource authData) Validate the authentication for the given credentials with the specified authentication data.
default boolean	authenticateHttpRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Deprecated. use and implement authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) instead.
default CompletableFuture<Boolean>	authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Validate the authentication for the given credentials with the specified authentication data.
String	getAuthMethodName()
void	initialize(ServiceConfiguration config) Perform initialization for the authentication provider.
default AuthenticationState	newAuthState(org.apache.pulsar.common.api.AuthData authData, SocketAddress remoteAddress, SSLSession sslSession) Create an authentication data State use passed in AuthenticationDataSource.

Methods inherited from interface java.io.Closeable

close

Method Detail

initialize

void initialize(ServiceConfiguration config)
         throws IOException

Perform initialization for the authentication provider.

Parameters:

config - broker config object

Throws:

IOException - if the initialization fails

getAuthMethodName

String getAuthMethodName()

Returns:

the authentication method name supported by this provider

authenticateAsync

default CompletableFuture<String> authenticateAsync(AuthenticationDataSource authData)

Validate the authentication for the given credentials with the specified authentication data. This method is useful in one stage authentication, if you're not doing one stage or if you're providing your own state implementation for one stage authentication, it should return a failed future.

Warning: the calling thread is an IO thread. Any implementation that relies on blocking behavior must ensure that the execution is completed using a separate thread pool to ensure IO threads are never blocked.

Parameters:

authData - authentication data generated while initiating a connection. There are several types, including, but not strictly limited to, AuthenticationDataHttp, AuthenticationDataHttps, and AuthenticationDataCommand.

Returns:

A completed future with the "role" string for the authenticated connection, if authentication is successful, or a failed future if the authData is not valid.

authenticate

@Deprecated
default String authenticate(AuthenticationDataSource authData)
                                 throws AuthenticationException

Deprecated. use and implement authenticateAsync(AuthenticationDataSource) instead.

Validate the authentication for the given credentials with the specified authentication data. This method is useful in one stage authn, if you're not doing one stage or if you're providing your own state implementation for one stage authn, it should throw an exception.

Parameters:

authData - provider specific authentication data

Returns:

the "role" string for the authenticated connection, if the authentication was successful

Throws:

AuthenticationException - if the credentials are not valid

newAuthState

default AuthenticationState newAuthState(org.apache.pulsar.common.api.AuthData authData,
                                         SocketAddress remoteAddress,
                                         SSLSession sslSession)
                                  throws AuthenticationException

Create an authentication data State use passed in AuthenticationDataSource.

Throws:

AuthenticationException

authenticateHttpRequestAsync

@InterfaceStability.Unstable
default CompletableFuture<Boolean> authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest request,
                                                                                             javax.servlet.http.HttpServletResponse response)

Validate the authentication for the given credentials with the specified authentication data.

Warning: the calling thread is an IO thread. Any implementations that rely on blocking behavior must ensure that the execution is completed on using a separate thread pool to ensure IO threads are never blocked.

Note: this method is marked as unstable because the Pulsar code base only calls it for the Pulsar Broker Auth SASL plugin. All non SASL HTTP requests are authenticated using the authenticateAsync(AuthenticationDataSource) method. As such, this method might be removed in favor of the SASL provider implementing the authenticateAsync(AuthenticationDataSource) method.

Returns:

Set response, according to passed in request. and return whether we should do following chain.doFilter or not.

authenticateHttpRequest

@Deprecated
default boolean authenticateHttpRequest(javax.servlet.http.HttpServletRequest request,
                                                    javax.servlet.http.HttpServletResponse response)
                                             throws Exception

Deprecated. use and implement authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) instead.

Set response, according to passed in request. and return whether we should do following chain.doFilter or not.

Throws:

Exception