Class SpireJwtLoginCallbackHandler
java.lang.Object
io.confluent.kafka.clients.plugins.auth.oauth.SpireJwtLoginCallbackHandler
- All Implemented Interfaces:
CallbackHandler,org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
- Direct Known Subclasses:
MockSpireJwtLoginCallbackHandler
public class SpireJwtLoginCallbackHandler
extends Object
implements org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
A
CallbackHandler that recognizes OAuthBearerTokenCallback
and retrieves SPIFFE JWT from Spire Agent that is running at the endpoint provided via
the sasl.oauthbearer.token.spire.agent.endpoint.
It also attaches the logical cluster this client is allowed to work with as a SASL extension.
For example:
sasl.oauthbearer.token.spire.agent.endpoint='invalid input: '<'invalid input: '<'spire-agent-endpoint>>'
sasl.jaas.config= org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
logicalCluster='invalid input: '<'cluster-id>';
This class should be explicitly set via the sasl.login.callback.handler.class
client configuration property.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
-
Field Details
-
SASL_OAUTHBEARER_TOKEN_SPIRE_AGENT_ENDPOINT
- See Also:
-
-
Constructor Details
-
SpireJwtLoginCallbackHandler
public SpireJwtLoginCallbackHandler()
-
-
Method Details
-
configure
public void configure(Map<String, ?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries) - Specified by:
configurein interfaceorg.apache.kafka.common.security.auth.AuthenticateCallbackHandler
-
close
public void close()- Specified by:
closein interfaceorg.apache.kafka.common.security.auth.AuthenticateCallbackHandler
-
handle
- Specified by:
handlein interfaceCallbackHandler- Throws:
IOExceptionUnsupportedCallbackException
-