Class OAuthBearerExtensionsValidatorCallback
- java.lang.Object
-
- org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback
-
- All Implemented Interfaces:
javax.security.auth.callback.Callback
public class OAuthBearerExtensionsValidatorCallback extends java.lang.Object implements javax.security.auth.callback.Callback
ACallback
for use by theSaslServer
implementation when it needs to validate the SASL extensions for the OAUTHBEARER mechanism Callback handlers should use thevalid(String)
method to communicate valid extensions back to the SASL server. Callback handlers should use theerror(String, String)
method to communicate validation errors back to the SASL Server. As per RFC-7628 (https://tools.ietf.org/html/rfc7628#section-3.1), unknown extensions must be ignored by the server. The callback handler implementation should simply ignore unknown extensions, not callingerror(String, String)
norvalid(String)
. Callback handlers should communicate other problems by raising anIOException
.The OAuth bearer token is provided in the callback for better context in extension validation. It is very important that token validation is done in its own
OAuthBearerValidatorCallback
irregardless of provided extensions, as they are inherently insecure.
-
-
Constructor Summary
Constructors Constructor Description OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
error(java.lang.String invalidExtensionName, java.lang.String errorMessage)
Set the error value for a specific extension key-value pair if validation has failedjava.util.Map<java.lang.String,java.lang.String>
ignoredExtensions()
SaslExtensions
inputExtensions()
java.util.Map<java.lang.String,java.lang.String>
invalidExtensions()
OAuthBearerToken
token()
void
valid(java.lang.String extensionName)
Validates a specific extension in the originalinputExtensions
mapjava.util.Map<java.lang.String,java.lang.String>
validatedExtensions()
-
-
-
Constructor Detail
-
OAuthBearerExtensionsValidatorCallback
public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions)
-
-
Method Detail
-
token
public OAuthBearerToken token()
- Returns:
OAuthBearerToken
the OAuth bearer token of the client
-
inputExtensions
public SaslExtensions inputExtensions()
- Returns:
SaslExtensions
consisting of the unvalidated extension names and values that were sent by the client
-
validatedExtensions
public java.util.Map<java.lang.String,java.lang.String> validatedExtensions()
- Returns:
- an unmodifiable
Map
consisting of the validated and recognized by the server extension names and values
-
invalidExtensions
public java.util.Map<java.lang.String,java.lang.String> invalidExtensions()
- Returns:
- An immutable
Map
consisting of the name->error messages of extensions which failed validation
-
ignoredExtensions
public java.util.Map<java.lang.String,java.lang.String> ignoredExtensions()
- Returns:
- An immutable
Map
consisting of the extensions that have neither been validated nor invalidated
-
valid
public void valid(java.lang.String extensionName)
Validates a specific extension in the originalinputExtensions
map- Parameters:
extensionName
- - the name of the extension which was validated
-
error
public void error(java.lang.String invalidExtensionName, java.lang.String errorMessage)
Set the error value for a specific extension key-value pair if validation has failed- Parameters:
invalidExtensionName
- the mandatory extension name which caused the validation failureerrorMessage
- error message describing why the validation failed
-
-