Package io.deephaven.auth

Interface AuthenticationRequestHandler

All Known Implementing Classes:
AnonymousAuthenticationHandler, BasicAuthMarshaller, MTlsAuthenticationHandler, OidcAuthenticationHandler, PskAuthenticationHandler
public interface AuthenticationRequestHandler
Simple interface to handle incoming authentication requests from flight/barrage clients, via Handshake or the Flight Authentication header. This is intended to be a low-level way to handle incoming payload bytes.

  • Method Details

    • getAuthType

      String getAuthType()
      This handler can be referred to via both Arrow Flight's original Auth and Auth2. To use via the original Arrow Flight Handshake, the request should be sent in a WrappedAuthenticationRequest with this handler's identity string. To use via Arrow Flight Auth 2's metadata header, then the Auth2Constants.AUTHORIZATION_HEADER should be prefixed with this handler's identity string.
      Returns:
      the type string used to identify the handler

    • login

      Optional<AuthContext> login(long protocolVersion, ByteBuffer payload, AuthenticationRequestHandler.HandshakeResponseListener listener) throws AuthenticationException
      Given a protocol version (very likely to be zero) and payload bytes, if possible authenticate this user. If the handler can correctly decode the payload and confirm the user's identity, an appropriate UserContext should be returned. If the payload is correctly decoded and definitely isn't a valid user, an exception may be thrown. If there is ambiguity in decoding the payload (leading to apparent "not a valid user") or the payload cannot be decoded, an empty optional should be returned. Note that regular arrow flight clients cannot specify the protocolVersion; to be compatible with flight auth assume protocolVersion will be zero.
      Parameters:
      protocolVersion - Mostly unused, this is an allowed field to set on HandshakeRequests from the Flight gRPC call.
      payload - The byte payload of the handshake, such as an encoded protobuf.
      listener - The handshake response observer, which enables multi-request authentication.
      Returns:
      AuthContext for this user if applicable else Empty
      Throws:
      AuthenticationException

    • login

      Optional<AuthContext> login(String payload, AuthenticationRequestHandler.MetadataResponseListener listener) throws AuthenticationException
      Given a payload string, if possible authenticate this user. If the handler can correctly decode the payload and confirm the user's identity, an appropriate UserContext should be returned. If the payload is correctly decoded and definitely isn't a valid user, an exception may be thrown. If there is ambiguity in decoding the payload (leading to apparent "not a valid user") or the payload cannot be decoded, an empty optional should be returned. Note that metadata can only be sent with the initial gRPC response; multi-message authentication via gRPC metadata headers require multiple gRPC call attempts.
      Parameters:
      payload - The byte payload of the Authorization header, such as an encoded protobuf or b64 encoded string.
      listener - The metadata response observer, which enables multi-request authentication.
      Returns:
      AuthContext for this user if applicable else Empty
      Throws:
      AuthenticationException

    • initialize

      void initialize(String targetUrl)
      Initialize request handler with the provided url.
      Parameters:
      targetUrl - the base url of the hosted UI

    • urls

      default List<String> urls(String targetUrl)
      Provides URLs that may be used to authenticate with this authentication request handler.
      Parameters:
      targetUrl - the base url of the hosted UI