public class OAuthBearerValidatorCallbackHandler extends Object implements org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
CallbackHandler
that recognizes
OAuthBearerValidatorCallback
and OAuthBearerExtensionsValidatorCallback
for validating a secured OAuth 2 bearer token issued by Confluent and SASL extensions
specifying the logical cluster this token is meant for.
It verifies the signature of the JWTToken through a public key it reads from a file path, set in the JAAS config
This class must be explicitly set via the
listener.name.sasl_[plaintext|ssl].oauthbearer.sasl.server.callback.handler.class
broker configuration property.
Constructor and Description |
---|
OAuthBearerValidatorCallbackHandler() |
Modifier and Type | Method and Description |
---|---|
void |
close() |
void |
configure(Map<String,?> configs,
String saslMechanism,
List<AppConfigurationEntry> jaasConfigEntries) |
void |
handle(Callback[] callbacks) |
protected boolean |
isSniHostNameMatched(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback callback,
String logicalClusterId,
String sniHostName,
SniValidationMode sniValidationMode) |
public void configure(Map<String,?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries)
configure
in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
public void handle(Callback[] callbacks) throws UnsupportedCallbackException
handle
in interface CallbackHandler
UnsupportedCallbackException
public void close()
close
in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
protected boolean isSniHostNameMatched(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback callback, String logicalClusterId, String sniHostName, SniValidationMode sniValidationMode)