...

package org.apache.kafka.common.security.oauthbearer;

/**
 * A {@code Callback} for use by the {@code SaslServer} implementation when it
 * needs to validate the SASL extensions for the OAUTHBEARER mechanism
 * Callback handlers should use the {@link #validate(String)}
 * method to communicate valid extensions back to the SASL server.
 * Callback handlers should use the
 * {@link #error(String, String)} method to communicate validation errors back to
 * the SASL Server.
 * As per RFC-7628 (https://tools.ietf.org/html/rfc7628#section-3.1), unknown extensions must be ignored by the server.
 * The callback handler implementation should simply ignore unknown extensions,
 * not calling {@link #error(String, String)} nor {@link #validate(String)}.
 * Callback handlers should communicate other problems by raising an {@code IOException}.
 * <p>
 * The OAuth bearer token is provided in the callback for better context in extension validation.
 * It is very important that token validation is done in its own {@link OAuthBearerValidatorCallback}
 * irregardless of provided extensions, as they are inherently insecure.
 */
public class OAuthBearerExtensionsValidatorCallback implements Callback {

    public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions)

    /**
     * @return {@link OAuthBearerToken} the OAuth bearer token (potentially null)of the client
     */
    public OAuthBearerToken token()

    /**
     * @return {@link SaslExtensions} consisting of the unvalidated extension names and values that were sent by the client
     */
    public SaslExtensions extensionsinputExtensions()

    /**
     * @return (potentiallyan null)unmodifiable {@link OAuthBearerTokenMap} consisting of the OAuthvalidated bearerand tokenrecognized ofby the clientserver extension names and values
     */
    public Map<String, OAuthBearerTokenString> tokenvalidatedExtensions()

    /**
     * @return (potentially null) name An immutable {@link Map} consisting of the name->error messages of extensionextensions which causedfailed validation failure
     */
    public String invalidExtensionNameMap<String, String> invalidExtensions()

    /**
     * @return (potentially null) message further describing reason of validation failure Validates a specific extension in the original {@code inputExtensions} map
     * @param extensionName - the name of the extension which was validated
     */
    public void validate(String errorMessage(extensionName)

    /**
     * Set the error value for valuesa ifspecific extension key-value pair if validation has failed
     *
     * @param invalidExtensionName
     *            the mandatory extension name which caused the validation failure
     * @param errorMessage
     *            optional error message describing why the validation failed
     */
    public void error(String invalidExtensionName, String errorMessage)
}
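Review bot: The Javadoc never spells out the trust boundary between `inputExtensions()` and `validatedExtensions()`: nothing tells the SASL server to consume only the validated map and to treat `inputExtensions()` as untrusted client input, although the class comment itself calls extensions "inherently insecure". The page interleaves old and new wording, so this reading of the new side is inferred, but the docs on `validate(String)` and `error(String, String)` also appear to leave open what happens when the name is absent from `inputExtensions()` or when both methods are called for the same name. I would add to the class comment `Only extensions returned by {@link #validatedExtensions()} may be exposed to the authenticated session; {@link #inputExtensions()} is unvalidated client input.` and state on `validate` whether an unknown name is rejected or ignored. Because `token()` is documented as potentially null, the class comment should also tell handler authors to null-check it before using it as validation context.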

...