Class TokenBearerServerLoginCallbackHandler

java.lang.Object

io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler

All Implemented Interfaces:

CallbackHandler, org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

public class TokenBearerServerLoginCallbackHandler
extends Object
implements org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

An abstract CallbackHandler for the OAuthLoginModule. There are two cases which must be covered with Token based authentication. 1. Inter-broker communication using Authentication Tokens 2. Inter-broker communication using another mechanism

Note: Inter-broker communication is not supported by this callback handler when running the token service on the same broker.

The first case will look almost exactly like the client login callback handler. See TokenBearerLoginCallbackHandler. In the event the broker is not configured to use the OAuthLoginModule for inter-broker communication it will return a null token. With Inter-broker communication using Authentication Tokens

  org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required
     metadataServerUrls="http://metadataServerUrls"
     publicKeyPath="dir-to-pem-file"
     username="broker"
     password="broker"
 

Without Inter-broker communication using Authentication Tokens

  org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required
     publicKeyPath="dir-to-pem-file"
 

This class should be explicitly set via the listener.name.XXX.YYY.sasl.login.callback.handler.class configuration property

Constructor Summary

Constructors

Constructor	Description
TokenBearerServerLoginCallbackHandler()

Method Summary

Modifier and Type	Method	Description
void	close()
void	configure(Map<String,?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries)
void	handle(Callback[] callbacks)
static void	validatePublicKey(String publicKeyPath)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TokenBearerServerLoginCallbackHandler

public TokenBearerServerLoginCallbackHandler()

Method Details

configure

public void configure(Map<String,?> configs,
 String saslMechanism,
 List<AppConfigurationEntry> jaasConfigEntries)

Specified by:

configure in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

handle

public void handle(Callback[] callbacks)
            throws IOException,
UnsupportedCallbackException

Specified by:

handle in interface CallbackHandler

Throws:

IOException

UnsupportedCallbackException

close

public void close()

Specified by:

close in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

validatePublicKey

public static void validatePublicKey(String publicKeyPath)