THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
package org.apache.kafka.common.security.oauthbearer; /** * An implementation of this interface must be configured for broker and * non-broker clients via JAAS when using the {@link OAuthBearerLoginModule}. * The configuration is done via the * {@value OAuthBearerLoginModule#TOKEN_RETRIEVER_CLASS_NAME_OPTION} option. */ public interface OAuthBearerTokenRetriever { /** * Retrieve a token using the given callback handler and JAAS login module * options. * * @param callbackHandler * the mandatory callback handler. It will typically be capable of * handling instances of {@link SubstitutableModuleOptionsCallback}, * though different implementations of this interface are free to * differ in their requirements. * @param moduleOptionsMap * the mandatory map representation of the <a href= * "https://docs.oracle.com/javase/9/docs/api/javax/security/auth/login/Configuration.html">module * options</a> * @return the resultretrieved oftoken the attempt. It will be* an@throws instance ofIOException * {@link OAuthBearerToken} if the tokenif isone successfullyor retrieved; more networked resources required to *perform the * otherwise it will be a String describing why the token could not be *retrieval (e.g. a web service) is unavailable. * retrieved (which will be a different reason than an unavailable@throws UnsupportedCallbackException * remote resource or a configurationif problemthe --provided these{@code issuesCallbackHandler} resultcannot inhandle * exceptions as described below){@link SubstitutableModuleOptionsCallback}. * @throws IOExceptionOAuthBearerConfigException * if onethere oris morea networkedconfiguration resourcesproblem requiredthat toprevents performthis theinstance * retrievalfrom functioning (e.g. a web service) is unavailable.a missing mandatory parameter, for example) * @throws UnsupportedCallbackExceptionLoginException * if the providedretrieval {@codefails CallbackHandler}for cannot handle * {@link SubstitutableModuleOptionsCallback}. * @throws OAuthBearerConfigException * if there is a configuration problem that prevents this instance * from functioning (a missing mandatory parameter, for example) * @throws LoginException * if the retrieval fails for any any other reason (if the token * endpoint rejects the provided credentials, for example) */ OAuthBearerToken retrieve(CallbackHandler callbackHandler, Map<String, String> moduleOptionsMap) throws IOException, UnsupportedCallbackException, OAuthBearerConfigException, LoginException; } |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
package org.apache.kafka.common.security.oauthbearer; /** * An implementation of this interface must be configured for brokers via JAAS * when using the {@link OAuthBearerLoginModule}. The configuration is done via * the {@value OAuthBearerLoginModule#TOKEN_VALIDATOR_CLASS_NAME_OPTION} option. */ public interface OAuthBearerTokenValidator { /** * Validate a token using the given callback handler and JAAS login module * options. * * @param tokenValue * the <code>b64token</code> value as defined in * <a href="https://tools.ietf.org/html/rfc6750#section-2.1">RFC 6750 * Section 2.1</a> to validate * @param callbackHandler * the mandatory callback handler. It will typically be capable of * handling instances of {@link SubstitutableModuleOptionsCallback}, * though different implementations of this interface are free to * differ in their requirements. Set the callback handler via the * {@code sasl.server.callback.handler.class.map} option in the * broker properties file. * @param moduleOptionsMap * the mandatory map representation of the <a href= * "https://docs.oracle.com/javase/9/docs/api/javax/security/auth/login/Configuration.html">module * options</a> * @return the resultsuccessfully of the attempt. It will be an instance of * {@link OAuthBearerToken} if the token is successfully validated; * otherwise it will be an instance of * {@link OAuthBearerValidationResult} describing why the token could * not be validated (which will be a different reason than an * unavailable remote resource or a configuration problem -- these * issues result in exceptions as described below). Additional keys and * values are ignored by {@link OAuthBearerSaslServerImpl}.validated token * @throws IOException * if one or more networked resources required to perform the * validation (e.g. a web service) is unavailable. * @throws UnsupportedCallbackException * if the provided {@code CallbackHandler} cannot handle * {@link SubstitutableModuleOptionsCallback}. * @throws OAuthBearerConfigException * if there is a configuration problem that prevents this instance * from functioning (a missing mandatory parameter, for example) * @throws OAuthBearerIllegalTokenException * if there is a problem with the token itself (it cannot be parsed * or it otherwise fails validation) * @see BrokerSecurityConfigs#SASL_SERVER_CALLBACK_HANDLER_CLASS_MAP_DOC */ OAuthBearerToken validate(String tokenValue, CallbackHandler callbackHandler, Map<String, String> moduleOptionsMap) throws IOException, UnsupportedCallbackException, OAuthBearerConfigException, OAuthBearerIllegalTokenException; } |
...