use of org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredential in project kafka by apache.
the class OAuthBearerRefreshingLogin method configure.
@Override
public void configure(Map<String, ?> configs, String contextName, Configuration configuration, AuthenticateCallbackHandler loginCallbackHandler) {
/*
* Specify this class as the one to synchronize on so that only one OAuth 2
* Bearer Token is refreshed at a given time. Specify null if we don't mind
* multiple simultaneously refreshes. Refreshes happen on the order of minutes
* rather than seconds or milliseconds, and there are typically minutes of
* lifetime remaining when the refresh occurs, so serializing them seems
* reasonable.
*/
Class<OAuthBearerRefreshingLogin> classToSynchronizeOnPriorToRefresh = OAuthBearerRefreshingLogin.class;
expiringCredentialRefreshingLogin = new ExpiringCredentialRefreshingLogin(contextName, configuration, new ExpiringCredentialRefreshConfig(configs, true), loginCallbackHandler, classToSynchronizeOnPriorToRefresh) {
@Override
public ExpiringCredential expiringCredential() {
Set<OAuthBearerToken> privateCredentialTokens = expiringCredentialRefreshingLogin.subject().getPrivateCredentials(OAuthBearerToken.class);
if (privateCredentialTokens.isEmpty())
return null;
final OAuthBearerToken token = privateCredentialTokens.iterator().next();
if (log.isDebugEnabled())
log.debug("Found expiring credential with principal '{}'.", token.principalName());
return new ExpiringCredential() {
@Override
public String principalName() {
return token.principalName();
}
@Override
public Long startTimeMs() {
return token.startTimeMs();
}
@Override
public long expireTimeMs() {
return token.lifetimeMs();
}
@Override
public Long absoluteLastRefreshTimeMs() {
return null;
}
};
}
};
}
Aggregations