Package org.apache.pulsar.broker.authentication

Interface AuthenticationProvider

All Superinterfaces:
AutoCloseable, Closeable
All Known Implementing Classes:
AuthenticationProviderBasic, AuthenticationProviderList, AuthenticationProviderTls, AuthenticationProviderToken
public interface AuthenticationProvider extends Closeable
Provider of authentication mechanism.

  • Method Details

    • initialize

      void initialize(ServiceConfiguration config) throws IOException
      Perform initialization for the authentication provider.
      Parameters:
      config - broker config object
      Throws:
      IOException - if the initialization fails

    • getAuthMethodName

      String getAuthMethodName()
      Returns:
      the authentication method name supported by this provider

    • authenticateAsync

      default CompletableFuture<String> authenticateAsync(AuthenticationDataSource authData)
      Validate the authentication for the given credentials with the specified authentication data. This method is useful in one stage authentication, if you're not doing one stage or if you're providing your own state implementation for one stage authentication, it should return a failed future.

      Warning: the calling thread is an IO thread. Any implementation that relies on blocking behavior must ensure that the execution is completed using a separate thread pool to ensure IO threads are never blocked.

      Parameters:
      authData - authentication data generated while initiating a connection. There are several types, including, but not strictly limited to, AuthenticationDataHttp, AuthenticationDataHttps, and AuthenticationDataCommand.
      Returns:
      A completed future with the "role" string for the authenticated connection, if authentication is successful, or a failed future if the authData is not valid.

    • authenticate

      @Deprecated default String authenticate(AuthenticationDataSource authData) throws AuthenticationException
      Deprecated.
      use and implement authenticateAsync(AuthenticationDataSource) instead.
      Validate the authentication for the given credentials with the specified authentication data. This method is useful in one stage authn, if you're not doing one stage or if you're providing your own state implementation for one stage authn, it should throw an exception.
      Parameters:
      authData - provider specific authentication data
      Returns:
      the "role" string for the authenticated connection, if the authentication was successful
      Throws:
      AuthenticationException - if the credentials are not valid

    • newAuthState

      default AuthenticationState newAuthState(org.apache.pulsar.common.api.AuthData authData, SocketAddress remoteAddress, SSLSession sslSession) throws AuthenticationException
      Create an authentication data State use passed in AuthenticationDataSource.
      Throws:
      AuthenticationException

    • newHttpAuthState

      default AuthenticationState newHttpAuthState(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
      Create an http authentication data State use passed in AuthenticationDataSource.
      Throws:
      AuthenticationException

    • authenticateHttpRequestAsync

      @Unstable default CompletableFuture<Boolean> authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Validate the authentication for the given credentials with the specified authentication data.

      Warning: the calling thread is an IO thread. Any implementations that rely on blocking behavior must ensure that the execution is completed on using a separate thread pool to ensure IO threads are never blocked.

      Note: this method is marked as unstable because the Pulsar code base only calls it for the Pulsar Broker Auth SASL plugin. All non SASL HTTP requests are authenticated using the authenticateAsync(AuthenticationDataSource) method. As such, this method might be removed in favor of the SASL provider implementing the authenticateAsync(AuthenticationDataSource) method.

      Returns:
      Set response, according to passed in request. and return whether we should do following chain.doFilter or not.

    • incrementFailureMetric

      default void incrementFailureMetric(Enum<?> errorCode)

    • authenticateHttpRequest

      @Deprecated default boolean authenticateHttpRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Exception
      Deprecated.
      use and implement authenticateHttpRequestAsync(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) instead.
      Set response, according to passed in request. and return whether we should do following chain.doFilter or not.
      Throws:
      Exception