use of org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback in project kafka by apache.
the class OAuthBearerSaslServerTest method throwsAuthenticationExceptionOnInvalidExtensions.
/**
* If the callback handler handles the `OAuthBearerExtensionsValidatorCallback`
* and marks any extension as invalid, SaslServer should reject the authentication
* attempt by throwing a SaslAuthenticationException.
*/
@Test
public void throwsAuthenticationExceptionOnInvalidExtensions() {
    // Handler stub: supplies a mock token for the token callback and reports
    // both custom extensions as invalid for the extensions callback.
    OAuthBearerUnsecuredValidatorCallbackHandler rejectingHandler = new OAuthBearerUnsecuredValidatorCallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback current : callbacks) {
                if (current instanceof OAuthBearerValidatorCallback) {
                    ((OAuthBearerValidatorCallback) current).token(new OAuthBearerTokenMock());
                    continue;
                }
                if (current instanceof OAuthBearerExtensionsValidatorCallback) {
                    OAuthBearerExtensionsValidatorCallback extCallback =
                        (OAuthBearerExtensionsValidatorCallback) current;
                    extCallback.error("firstKey", "is not valid");
                    extCallback.error("secondKey", "is not valid either");
                    continue;
                }
                // Any other callback type is outside what this stub handles.
                throw new UnsupportedCallbackException(current);
            }
        }
    };
    saslServer = new OAuthBearerSaslServer(rejectingHandler);

    // The two extension names sent by the client match the ones the stub rejects.
    Map<String, String> rejectedExtensions = new HashMap<>();
    rejectedExtensions.put("firstKey", "value");
    rejectedExtensions.put("secondKey", "value");

    // The initial response is built inside the lambda, so anything it throws
    // is also seen by assertThrows.
    assertThrows(
        SaslAuthenticationException.class,
        () -> saslServer.evaluateResponse(clientInitialResponse(null, false, rejectedExtensions)));
}
use of org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback in project kafka by apache.
the class OAuthBearerSaslServer method processExtensions.
/**
 * Hands the client's SASL extensions to the callback handler for validation and
 * returns only what the callback reports as validated.
 *
 * @param token the bearer token passed to the extensions callback
 * @param extensions the extensions passed to the extensions callback
 * @return the callback's {@code validatedExtensions()} after the handler has run
 * @throws SaslAuthenticationException if the callback reports at least one invalid extension
 * @throws SaslException declared by the signature; presumably raised through
 *         {@code handleCallbackError} (its body is not visible here)
 */
private Map<String, String> processExtensions(OAuthBearerToken token, SaslExtensions extensions) throws SaslException {
    OAuthBearerExtensionsValidatorCallback validation = new OAuthBearerExtensionsValidatorCallback(token, extensions);
    try {
        callbackHandler.handle(new Callback[] {validation});
    } catch (UnsupportedCallbackException unsupported) {
        // backwards compatibility - no extensions will be added
        // (a handler that does not know this callback leaves it untouched, so
        // the result below is whatever an unprocessed callback reports)
    } catch (IOException ioFailure) {
        // NOTE(review): if handleCallbackError ever returned normally, control
        // would fall through to the checks below - confirm it always throws.
        handleCallbackError(ioFailure);
    }

    Map<String, String> rejected = validation.invalidExtensions();
    if (rejected.isEmpty()) {
        return validation.validatedExtensions();
    }

    // NOTE(review): the message embeds the extension names and the
    // handler-supplied error text. If SaslAuthenticationException messages are
    // relayed to the client, handlers should keep that text free of internal
    // detail - confirm against the exception's contract.
    String errorMessage = String.format(
        "Authentication failed: %d extensions are invalid! They are: %s",
        rejected.size(),
        Utils.mkString(rejected, "", "", ": ", "; "));
    log.debug(errorMessage);
    throw new SaslAuthenticationException(errorMessage);
}