Example 1 with OAuthBearerUnsecuredValidatorCallbackHandler
use of org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler in project kafka by apache.
the class SaslChannelBuilder method createServerCallbackHandlers.
private void createServerCallbackHandlers(Map<String, ?> configs) {
for (String mechanism : jaasContexts.keySet()) {
AuthenticateCallbackHandler callbackHandler;
String prefix = ListenerName.saslMechanismPrefix(mechanism);
@SuppressWarnings("unchecked") Class<? extends AuthenticateCallbackHandler> clazz = (Class<? extends AuthenticateCallbackHandler>) configs.get(prefix + BrokerSecurityConfigs.SASL_SERVER_CALLBACK_HANDLER_CLASS);
if (clazz != null)
callbackHandler = Utils.newInstance(clazz);
else if (mechanism.equals(PlainSaslServer.PLAIN_MECHANISM))
callbackHandler = new PlainServerCallbackHandler();
else if (ScramMechanism.isScram(mechanism))
callbackHandler = new ScramServerCallbackHandler(credentialCache.cache(mechanism, ScramCredential.class), tokenCache);
else if (mechanism.equals(OAuthBearerLoginModule.OAUTHBEARER_MECHANISM))
callbackHandler = new OAuthBearerUnsecuredValidatorCallbackHandler();
else
callbackHandler = new SaslServerCallbackHandler();
saslCallbackHandlers.put(mechanism, callbackHandler);
}
}
Also used :
OAuthBearerUnsecuredValidatorCallbackHandler(org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler)
ScramCredential(org.apache.kafka.common.security.scram.ScramCredential)
ScramServerCallbackHandler(org.apache.kafka.common.security.scram.internals.ScramServerCallbackHandler)
PlainServerCallbackHandler(org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler)
SaslServerCallbackHandler(org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
AuthenticateCallbackHandler(org.apache.kafka.common.security.auth.AuthenticateCallbackHandler)
Example 2 with OAuthBearerUnsecuredValidatorCallbackHandler
use of org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler in project kafka by apache.
the class OAuthBearerSaslServerTest method throwsAuthenticationExceptionOnInvalidExtensions.
/**
* If the callback handler handles the `OAuthBearerExtensionsValidatorCallback`
* and finds an invalid extension, SaslServer should throw an authentication exception
*/
@Test
public void throwsAuthenticationExceptionOnInvalidExtensions() {
OAuthBearerUnsecuredValidatorCallbackHandler invalidHandler = new OAuthBearerUnsecuredValidatorCallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof OAuthBearerValidatorCallback) {
OAuthBearerValidatorCallback validationCallback = (OAuthBearerValidatorCallback) callback;
validationCallback.token(new OAuthBearerTokenMock());
} else if (callback instanceof OAuthBearerExtensionsValidatorCallback) {
OAuthBearerExtensionsValidatorCallback extensionsCallback = (OAuthBearerExtensionsValidatorCallback) callback;
extensionsCallback.error("firstKey", "is not valid");
extensionsCallback.error("secondKey", "is not valid either");
} else
throw new UnsupportedCallbackException(callback);
}
}
};
saslServer = new OAuthBearerSaslServer(invalidHandler);
Map<String, String> customExtensions = new HashMap<>();
customExtensions.put("firstKey", "value");
customExtensions.put("secondKey", "value");
assertThrows(SaslAuthenticationException.class, () -> saslServer.evaluateResponse(clientInitialResponse(null, false, customExtensions)));
}
Also used :
OAuthBearerUnsecuredValidatorCallbackHandler(org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler)
OAuthBearerTokenMock(org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenMock)
OAuthBearerTokenCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback)
OAuthBearerValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback)
OAuthBearerExtensionsValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback)
Callback(javax.security.auth.callback.Callback)
HashMap(java.util.HashMap)
OAuthBearerValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback)
OAuthBearerExtensionsValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Test(org.junit.jupiter.api.Test)
Aggregations
OAuthBearerUnsecuredValidatorCallbackHandler (org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler)2
HashMap (java.util.HashMap)1
Callback (javax.security.auth.callback.Callback)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
AuthenticateCallbackHandler (org.apache.kafka.common.security.auth.AuthenticateCallbackHandler)1
SaslServerCallbackHandler (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)1
OAuthBearerExtensionsValidatorCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback)1
OAuthBearerTokenCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback)1
OAuthBearerTokenMock (org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenMock)1
OAuthBearerValidatorCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback)1
PlainServerCallbackHandler (org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler)1
ScramCredential (org.apache.kafka.common.security.scram.ScramCredential)1
ScramServerCallbackHandler (org.apache.kafka.common.security.scram.internals.ScramServerCallbackHandler)1
Test (org.junit.jupiter.api.Test)1
