Class OAuthBearerExtensionsValidatorCallback
java.lang.Object
org.apache.kafka.common.security.oauthbearer.CommonExtensionsValidatorCallback
org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback
- All Implemented Interfaces:
Callback
,Contextable
A
Callback
for use by the SaslServer
implementation when it
needs to validate the SASL extensions for the OAUTHBEARER mechanism
Callback handlers should use the CommonExtensionsValidatorCallback.valid(String)
method to communicate valid extensions back to the SASL server.
Callback handlers should use the
CommonExtensionsValidatorCallback.error(String, String)
method to communicate validation errors back to
the SASL Server.
As per RFC-7628 (https://tools.ietf.org/html/rfc7628#section-3.1), unknown extensions must be ignored by the server.
The callback handler implementation should simply ignore unknown extensions,
not calling CommonExtensionsValidatorCallback.error(String, String)
nor CommonExtensionsValidatorCallback.valid(String)
.
Callback handlers should communicate other problems by raising an IOException
.
The OAuth bearer token is provided in the callback for better context in extension validation.
It is very important that token validation is done in its own OAuthBearerValidatorCallback
irregardless of provided extensions, as they are inherently insecure.
-
Field Summary
Fields inherited from class org.apache.kafka.common.security.oauthbearer.CommonExtensionsValidatorCallback
SEPARATOR
-
Constructor Summary
ConstructorsConstructorDescriptionOAuthBearerExtensionsValidatorCallback
(OAuthBearerToken token, SaslExtensions extensions) OAuthBearerExtensionsValidatorCallback
(OAuthBearerToken token, SaslExtensions extensions, io.confluent.kafka.util.ClientContext context) -
Method Summary
Methods inherited from class org.apache.kafka.common.security.oauthbearer.CommonExtensionsValidatorCallback
addValidated, addValidated, context, data, data, error, errorMessage, errorMessage, errors, ignoredExtensions, inputExtensions, invalidExtensions, valid, valid, valid, validatedExtensions
-
Constructor Details
-
OAuthBearerExtensionsValidatorCallback
public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions, io.confluent.kafka.util.ClientContext context) -
OAuthBearerExtensionsValidatorCallback
-
-
Method Details
-
token
- Returns:
OAuthBearerToken
the OAuth bearer token of the client
-