...
```java
public class SaslExtensionsCallback implements Callback {
    /**
     * Returns the extension names and values that are sent by the client to
     * the server in the initial client SASL authentication message.
     * Default is an empty map.
     */
    public SaslExtensions extensions()

    /**
     * Sets the SASL extensions on this callback.
     */
    public void extensions(SaslExtensions extensions)
}
```
`SaslExtensions` - class for holding extensions data
```java
package org.apache.kafka.common.security.auth;

/**
 * A simple value object class holding customizable SASL extensions
 */
public class SaslExtensions {
    public SaslExtensions(String extensions, String separator)
    public SaslExtensions(Map<String, String> extensionMap, String separator)
    public String extensionValue(String name)
    public Set<String> extensionNames()
    public boolean isEmpty()
}
```
Proposed Changes
Create a new `SaslExtensions` class that takes most of the generalizable logic from `ScramExtensions`. `ScramExtensions` will extend `SaslExtensions`.
Create a new `SaslExtensionsCallback`, which will be similar to `ScramExtensionsCallback`. `ScramExtensionsCallback` cannot be deleted since it is a public class (it will be deprecated instead), and it will NOT extend `SaslExtensionsCallback`, to preserve backwards compatibility and because it will not support the new `SaslExtensions` class.
Pass `SaslExtensionsCallback` to the callback handler of `OAuthBearerLoginModule` so that the handler can parse the extensions from the JAAS config and populate them in the Subject class.
Pass `SaslExtensionsCallback` to the callback handler of `OAuthBearerSaslClient` so that the handler can take the extensions from the Subject and populate them in the callback. `OAuthBearerSaslClient` will then attach the populated extensions (if any) to the first client message.
Have `OAuthBearerServer` parse sent extensions and expose them via its `OAuthBearerServer#getNegotiatedProperty()` method. It will use a strict regex, parsing only letters for keys and only ASCII characters for values.
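The strict server-side parsing described in the last step, as an added example that is not code from this proposal or from Kafka. The class name `StrictExtensionParser`, the reading of "ASCII characters" as printable ASCII, the rejection of duplicate names and the `\u0001` separator used in the demo are all assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical helper, not Kafka code: strict parsing of client-sent extensions.
public class StrictExtensionParser {
    // Keys: letters only, as the proposal states.
    private static final Pattern KEY = Pattern.compile("[A-Za-z]+");
    // Values: assumed to mean printable ASCII (0x20-0x7E); the proposal only says "ASCII".
    private static final Pattern VALUE = Pattern.compile("[\\x20-\\x7E]+");

    public static Map<String, String> parse(String extensions, String separator) {
        Map<String, String> result = new LinkedHashMap<>();
        if (extensions.isEmpty())
            return result;
        // Limit -1 keeps trailing empty entries, so "a=b<sep>" is rejected rather than trimmed.
        for (String entry : extensions.split(Pattern.quote(separator), -1)) {
            int eq = entry.indexOf('=');
            if (eq < 0)
                throw new IllegalArgumentException("Extension entry without '='");
            String key = entry.substring(0, eq);
            String value = entry.substring(eq + 1);
            // The rejected name is not echoed, so untrusted bytes never reach the log line.
            if (!KEY.matcher(key).matches())
                throw new IllegalArgumentException("Invalid extension name");
            if (!VALUE.matcher(value).matches())
                throw new IllegalArgumentException("Invalid value for extension " + key);
            // Assumption added here: a repeated name is an error, not last-one-wins.
            if (result.putIfAbsent(key, value) != null)
                throw new IllegalArgumentException("Duplicate extension " + key);
        }
        return result;
    }

    public static void main(String[] args) {
        String sep = "\u0001"; // constructed separator for this demo
        String[] samples = {   // constructed inputs: one well-formed, three to reject
            "traceId=abc123" + sep + "tenant=blue",
            "trace-id=abc123",                  // non-letter in the name
            "tenant=bl\u00fce",                 // non-ASCII value
            "tenant=blue" + sep + "tenant=red"  // duplicate name
        };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + parse(s, sep));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the parsed values are exposed to server-side code as negotiated properties, whole-string matching (`matches()`, not `find()`) is what keeps separator or control characters from being carried through inside a name or value.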
...