public abstract class PlainSaslAuthenticator extends Object
Modifier and Type | Field and Description |
---|---|
protected static String |
AUTHENTICATION_FAILED_MSG
Visible for testing
|
protected static AuthAttemptCache |
FAILED_AUTH_CACHE |
protected org.slf4j.Logger |
log |
protected SniValidationMode |
mode |
protected static AuthAttemptCache |
SUCCESSFUL_AUTH_CACHE |
Constructor and Description |
---|
PlainSaslAuthenticator(AuthAttemptCache successfulAuthCache,
AuthAttemptCache failedAuthCache) |
Modifier and Type | Method and Description |
---|---|
io.confluent.kafka.multitenant.MultiTenantPrincipal |
authenticate(String username,
String password,
Optional<org.apache.kafka.common.security.authenticator.PathAwareSniHostName> sniHostName)
Authenticate user by checking username, password and cluster id.
|
Optional<String> |
clusterId(String username)
return cluster Id for the given username/APIKey
|
void |
initialize(List<AppConfigurationEntry> jaasContextEntries) |
protected abstract MultiTenantSaslSecrets |
loadSecrets() |
protected final org.slf4j.Logger log
protected static final String AUTHENTICATION_FAILED_MSG
protected SniValidationMode mode
protected static final AuthAttemptCache SUCCESSFUL_AUTH_CACHE
protected static final AuthAttemptCache FAILED_AUTH_CACHE
public PlainSaslAuthenticator(AuthAttemptCache successfulAuthCache, AuthAttemptCache failedAuthCache)
protected abstract MultiTenantSaslSecrets loadSecrets()
public io.confluent.kafka.multitenant.MultiTenantPrincipal authenticate(String username, String password, Optional<org.apache.kafka.common.security.authenticator.PathAwareSniHostName> sniHostName) throws SaslException, org.apache.kafka.common.errors.SaslAuthenticationException
username
- usernamepassword
- passwordsniHostName
- SNI broker hostname. We store host name in SNI to route to relevant broker.MultiTenantPrincipal
containing authorization id and tenantorg.apache.kafka.common.errors.SaslAuthenticationException
- if authentication fails.
Note that the error string in the SaslAuthenticationException
is returned to the client so do not leak information in it.SaslException
- if any unexpected errors are encounteredpublic Optional<String> clusterId(String username) throws SaslException
SaslException
public void initialize(List<AppConfigurationEntry> jaasContextEntries)