io.confluent.kafka.clients.plugins.auth.token.AbstractTokenLoginCallbackHandler

io.confluent.kafka.clients.plugins.auth.token.TokenBearerLoginCallbackHandler

All Implemented Interfaces:: CallbackHandler, org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

public class TokenBearerLoginCallbackHandler extends AbstractTokenLoginCallbackHandler

A CallbackHandler for the OAuthBearerLoginModule. There are three cases which must be covered with Token based authentication. 1. Kafka client-side User/Password credential authentication 2. Kafka client-side Token credential authentication 3. Kafka client impersonation. All three circumstances can be handled through the use of two callback handlers. TokenUserLoginCallbackHandler for User/Password credential authentication. TokenBearerLoginCallbackHandler for Token credential authentication. Any application with a valid Authentication Token may impersonate another user making TokenBearerLoginCallbackHandler suitable for scenario 3 as well. This class handles the token credential approach and can be configured as such.

  org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required
      authenticationToken="long-token-string"
      metadataServerUrls="https://mds:8080"

This class should be explicitly set via the sasl.login.callback.handler.class configuration property

Constructor Summary

Constructors

Constructor

Description

TokenBearerLoginCallbackHandler()
Method Summary

Modifier and Type

Method

Description

void

close()

void

configure(Map<String,?> configs)

void

validateHaveCredentials(Map<String,String> moduleOptions, Map<String,?> configs)

Methods inherited from class io.confluent.kafka.clients.plugins.auth.token.AbstractTokenLoginCallbackHandler
configure, handle

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- TokenBearerLoginCallbackHandler
  
  public TokenBearerLoginCallbackHandler()
Method Details
- configure
  
  public void configure(Map<String,?> configs)
  
  Specified by:
  
  configure in class AbstractTokenLoginCallbackHandler
- close
  
  public void close()
  
  Specified by:
  
  close in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
  
  Overrides:
  
  close in class AbstractTokenLoginCallbackHandler
- validateHaveCredentials
  
  public void validateHaveCredentials(Map<String,String> moduleOptions, Map<String,?> configs) throws org.apache.kafka.common.config.ConfigException
  
  Specified by:
  
  validateHaveCredentials in class AbstractTokenLoginCallbackHandler
  
  Throws:
  
  org.apache.kafka.common.config.ConfigException

Class TokenBearerLoginCallbackHandler

Constructor Summary

Method Summary

Methods inherited from class io.confluent.kafka.clients.plugins.auth.token.AbstractTokenLoginCallbackHandler

Methods inherited from class java.lang.Object

Constructor Details

TokenBearerLoginCallbackHandler

Method Details

configure

close

validateHaveCredentials