public abstract class PlainSaslAuthenticator extends Object
| Modifier and Type | Field and Description |
|---|---|
static String |
USER_RESOURCE_ID |
| Constructor and Description |
|---|
PlainSaslAuthenticator(AuthAttemptCache successfulAuthCache,
AuthAttemptCache failedAuthCache) |
| Modifier and Type | Method and Description |
|---|---|
io.confluent.kafka.multitenant.MultiTenantPrincipal |
authenticate(String username,
String password,
Optional<org.apache.kafka.common.security.authenticator.PathAwareSniHostName> sniHostName,
Optional<String> suppliedClusterId,
Optional<String> networkId)
Authenticate user by checking username, password, cluster id and network ID.
|
Optional<String> |
clusterId(String username)
return cluster Id for the given username/APIKey
|
void |
initialize(List<AppConfigurationEntry> jaasContextEntries) |
static io.confluent.kafka.multitenant.MultiTenantPrincipal |
multiTenantPrincipal(String username,
io.confluent.kafka.server.plugins.auth.MultiTenantSaslConfigEntry userInfo) |
public static final String USER_RESOURCE_ID
public PlainSaslAuthenticator(AuthAttemptCache successfulAuthCache, AuthAttemptCache failedAuthCache)
public static io.confluent.kafka.multitenant.MultiTenantPrincipal multiTenantPrincipal(String username, io.confluent.kafka.server.plugins.auth.MultiTenantSaslConfigEntry userInfo)
public io.confluent.kafka.multitenant.MultiTenantPrincipal authenticate(String username, String password, Optional<org.apache.kafka.common.security.authenticator.PathAwareSniHostName> sniHostName, Optional<String> suppliedClusterId, Optional<String> networkId) throws SaslException, org.apache.kafka.common.errors.SaslAuthenticationException
username - usernamepassword - passwordsniHostName - SNI broker hostname. We store host name in SNI to route to relevant broker.suppliedClusterId - the cluster id which originates from the SNI header or the PROXY headernetworkId - optional network ID of the authenticating client.MultiTenantPrincipal containing authorization id and tenantorg.apache.kafka.common.errors.SaslAuthenticationException - if authentication fails.
Note that the error string in the SaslAuthenticationException
is returned to the client so do not leak information in it.SaslException - if any unexpected errors are encounteredpublic Optional<String> clusterId(String username) throws SaslException
SaslExceptionpublic void initialize(List<AppConfigurationEntry> jaasContextEntries)