THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block | ||
---|---|---|
| ||
package org.apache.kafka.common.security.oauthbearer; /** * A {@code Callback} for use by the {@code SaslServer} implementation when it * needs to validate the SASL extensions for the OAUTHBEARER mechanism * Callback handlers should use the {@link #validate(String)} * method to communicate valid extensions back to the SASL server. * Callback handlers should use the * {@link #error(String, String)} method to communicate validation errors back to * the SASL Server. * As per RFC-7628 (https://tools.ietf.org/html/rfc7628#section-3.1), unknown extensions must be ignored by the server. * The callback handler implementation should simply ignore unknown extensions, * not calling {@link #error(String, String)} nor {@link #validate(String)}. * Callback handlers should communicate other problems by raising an {@code IOException}. * <p> * The OAuth bearer token is provided in the callback for better context in extension validation. * It is very important that token validation is done in its own {@link OAuthBearerValidatorCallback} * irregardless of provided extensions, as they are inherently insecure. */ public class OAuthBearerExtensionsValidatorCallback implements Callback { public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions) /** * @return {@link OAuthBearerToken} the OAuth bearer token (potentially null)of the client */ public OAuthBearerToken token() /** * @return {@link SaslExtensions} consisting of the unvalidated extension names and values that were sent by the client */ public SaslExtensions extensionsinputExtensions() /** * @return (potentiallyan null)unmodifiable {@link OAuthBearerTokenMap} consisting of the OAuthvalidated bearerand tokenrecognized ofby the clientserver extension names and values */ public Map<String, OAuthBearerTokenString> tokenvalidatedExtensions() /** * @return (potentially null) name An immutable {@link Map} consisting of the name->error messages of extensionextensions which causedfailed validation failure */ public String invalidExtensionNameMap<String, String> invalidExtensions() /** * @return (potentially null) message further describing reason of validation failure Validates a specific extension in the original {@code inputExtensions} map * @param extensionName - the name of the extension which was validated */ public void validate(String errorMessage(extensionName) /** * Set the error value for valuesa ifspecific extension key-value pair if validation has failed * * @param invalidExtensionName * the mandatory extension name which caused the validation failure * @param errorMessage * optional error message describing why the validation failed */ public void error(String invalidExtensionName, String errorMessage) } |
...