Versions Compared

Comment: Minor Javadoc fix

...

Code Block
language: java
title: org.apache.kafka.common.security.oauthbearer.OAuthBearerRefreshingLogin
collapse: true
package org.apache.kafka.common.security.oauthbearer;
 
/**
 * This class is responsible for refreshing logins for both Kafka client and
 * server when the credential is an OAuth 2 bearer token communicated over
 * SASL/OAUTHBEARER. An OAuth 2 bearer token has a limited lifetime, and an
 * instance of this class periodically refreshes it so that the client can
 * create new connections to brokers on an ongoing basis.
 * <p>
 * This class is set via the {@code sasl.login.class} client configuration
 * property or the {@code listener.name.sasl_ssl.oauthbearer.sasl.login.class}
 * broker configuration property.
 * <p>
 * The login callback handler seen by the {@link OAuthBearerLoginModule}
 * instance is set via the {@code sasl.login.callback.handler.class} client
 * configuration property or the
 * {@code listener.name.sasl_ssl.oauthbearer.sasl.login.callback.handler.class}
 * broker configuration property.
 * <p>
 * This class recognizes the following refresh-related configuration properties,
 * which must be set in the JAAS configuration:
 * <ul>
 * <li><b>clientRefreshWindowFactor</b> -- the background login refresh thread
 * will sleep until the specified window factor relative to the token's total
 * lifetime has been reached, at which time it will try to refresh the
 * credential. Legal values are between 0.5 (50%) and 1.0 (100%) inclusive; a
 * default value of 0.8 (80%) is used if a legal value is not specified.</li>
 * <li><b>clientRefreshWindowJitter</b> -- the maximum amount of random jitter
 * relative to the token's total lifetime that is added to the background login
 * refresh thread's sleep time. Legal values are between 0 and 0.25 (25%)
 * inclusive; a default value of 0.05 (5%) is used if a legal value is not
 * specified.</li>
 * <li><b>clientRefreshMinPeriodMillis<<li><b>clientRefreshMinPeriodSeconds</b> -- the desired minimum time to wait
 * before refreshing a token, in millisecondsseconds. Legal values are between 0 and
 * 900,000 (15
 * minutes); a default value of 60,000 (1 minute) is used if a legal
 * value is not
 * specified.</li>
 * <li><b>clientRefreshBufferSeconds</b> -- the amount of buffer time before
 * expiration to maintain when refreshing. If a refresh is scheduled to occur
 * closer to expiration than the number of seconds defined here then the refresh
 * will be moved up if possible so as to maintain the desired buffer. Legal
 * values are between 0 and 3,600 (1 hour); a default value of 120 (2 minutes)
 * is used if a legal value is not specified.</li>
 * </ul>
 * Note that SASL/OAUTHBEARER logins as managed by this class are only supported
 * when a single {@code LoginModule} implementing {@link OAuthBearerLoginModule}
 * is communicated to the code. This may be in a non-broker client client where
 * only 1 SASL mechanism can be declared; or it may be in an inter-broker
 * context where there is only one SASL mechanism defined for the cluster or
 * because the JAAS configuration is done via the dynamic functionality
 * introduced via <a href=
 * "https://cwiki.apache.org/confluence/display/KAFKA/KIP-226+-+Dynamic+Broker+Configuration">KIP-226</a>
 * that eliminates the mechanism-to-login-module ambiguity associated with
 * declaring multiple SASL mechanisms in a single broker JAAS configuration
 * file.
 *
 * @see OAuthBearerUnsecuredLoginCallbackHandler
 */
public class OAuthBearerRefreshingLogin implements Login {
    // etc...
}
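
Review bot: In the clientRefreshMinPeriodSeconds item the property name and unit move from milliseconds to seconds, but the stated bounds are still "900,000 (15 minutes)" and "60,000 (1 minute)", which are millisecond figures; 15 minutes is 900 seconds and 1 minute is 60 seconds. Suggest changing the numbers in the same edit as the unit, so that an operator who copies a value from this Javadoc into the JAAS configuration does not end up with a minimum refresh wait far longer than intended for a short-lived bearer token. While touching that item, re-wrap the lines broken at "900,000 (15" and "value is not", and drop the repeated word in "non-broker client client" in the closing note.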

...