• Home
• io.streamnative.pulsar.handlers
• pulsar-protocol-handler-kafka
• 3.0.6.6
• source code
• KopOAuthBearerValidatorCallback.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.streamnative.pulsar.handlers.kop.security.oauth.KopOAuthBearerValidatorCallback Maven / Gradle / Ivy

/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.streamnative.pulsar.handlers.kop.security.oauth;

import java.util.Objects;
import javax.security.auth.callback.Callback;
import org.apache.kafka.common.annotation.InterfaceStability;


/**
 * Copied from {@link org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback}.
 *
 * A {@code Callback} for use by the {@code SaslServer} implementation when it
 * needs to provide an OAuth 2 bearer token compact serialization for
 * validation. Callback handlers should use the
 * {@link #error(String, String, String)} method to communicate errors back to
 * the SASL Client as per
 * RFC 6749: The OAuth
 * 2.0 Authorization Framework and the IANA
 * OAuth Extensions Error Registry. Callback handlers should communicate
 * other problems by raising an {@code IOException}.
 * 

 * This class was introduced in 2.0.0 and, while it feels stable, it could
 * evolve. We will try to evolve the API in a compatible manner, but we reserve
 * the right to make breaking changes in minor releases, if necessary. We will
 * update the {@code InterfaceStability} annotation and this notice once the API
 * is considered stable.
 */
@InterfaceStability.Evolving
public class KopOAuthBearerValidatorCallback implements Callback {

    private final String tokenValue;
    private KopOAuthBearerToken token = null;
    private String errorStatus = null;
    private String errorScope = null;
    private String errorOpenIDConfiguration = null;

    /**
     * Constructor.
     *
     * @param tokenValue
     *            the mandatory/non-blank token value
     */
    public KopOAuthBearerValidatorCallback(String tokenValue) {
        if (Objects.requireNonNull(tokenValue).isEmpty()) {
            throw new IllegalArgumentException("token value must not be empty");
        }
        this.tokenValue = tokenValue;
    }

    /**
     * Return the (always non-null) token value.
     *
     * @return the (always non-null) token value
     */
    public String tokenValue() {
        return tokenValue;
    }

    /**
     * Return the (potentially null) token.
     *
     * @return the (potentially null) token
     */
    public KopOAuthBearerToken token() {
        return token;
    }

    /**
     * Return the (potentially null) error status value as per
     * RFC 7628: A Set
     * of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
     * and the IANA
     * OAuth Extensions Error Registry.
     *
     * @return the (potentially null) error status value
     */
    public String errorStatus() {
        return errorStatus;
    }

    /**
     * Return the (potentially null) error scope value as per
     * RFC 7628: A Set
     * of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth.
     *
     * @return the (potentially null) error scope value
     */
    public String errorScope() {
        return errorScope;
    }

    /**
     * Return the (potentially null) error openid-configuration value as per
     * RFC 7628: A Set
     * of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth.
     *
     * @return the (potentially null) error openid-configuration value
     */
    public String errorOpenIDConfiguration() {
        return errorOpenIDConfiguration;
    }

    /**
     * Set the token. The token value is unchanged and is expected to match the
     * provided token's value. All error values are cleared.
     *
     * @param token
     *            the mandatory token to set
     */
    public void token(KopOAuthBearerToken token) {
        this.token = Objects.requireNonNull(token);
        this.errorStatus = null;
        this.errorScope = null;
        this.errorOpenIDConfiguration = null;
    }

    /**
     * Set the error values as per
     * RFC 7628: A Set
     * of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth.
     * Any token is cleared.
     *
     * @param errorStatus
     *            the mandatory error status value from the IANA
     *            OAuth Extensions Error Registry to set
     * @param errorScope
     *            the optional error scope value to set
     * @param errorOpenIDConfiguration
     *            the optional error openid-configuration value to set
     */
    public void error(String errorStatus, String errorScope, String errorOpenIDConfiguration) {
        if (Objects.requireNonNull(errorStatus).isEmpty()) {
            throw new IllegalArgumentException("error status must not be empty");
        }
        this.errorStatus = errorStatus;
        this.errorScope = errorScope;
        this.errorOpenIDConfiguration = errorOpenIDConfiguration;
        this.token = null;
    }
}