Package io.deephaven.auth
Class BasicAuthMarshaller
java.lang.Object
io.deephaven.auth.BasicAuthMarshaller
- All Implemented Interfaces:
AuthenticationRequestHandler
Manually decode the payload as a BasicAuth message, confirm that only tags 2 and 3 are present as strings, otherwise
pass. This is stricter than a usual protobuf decode, under the assumption that FlightClient will always only write
those two fields, and user code couldn't customize the payload further to repeatedly write those fields or any other
field.
Despite being stricter than a standard protobuf decode, this is also very generic and might accidentally match the
wrong message type. For this reason, this handler should not run until other more selective handlers have finished.
This class delegates to a typed auth handler once it is certain that the payload appears to be a BasicAuth value.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic interface
Handler for "Basic" auth types.Nested classes/interfaces inherited from interface io.deephaven.auth.AuthenticationRequestHandler
AuthenticationRequestHandler.HandshakeResponseListener, AuthenticationRequestHandler.MetadataResponseListener
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionThis handler can be referred to via both Arrow Flight's original Auth and Auth2.void
initialize
(String targetUrl) Initialize request handler with the provided url.login
(long protocolVersion, ByteBuffer payload, AuthenticationRequestHandler.HandshakeResponseListener listener) Given a protocol version (very likely to be zero) and payload bytes, if possible authenticate this user.login
(String payload, AuthenticationRequestHandler.MetadataResponseListener listener) Given a payload string, if possible authenticate this user.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.deephaven.auth.AuthenticationRequestHandler
urls
-
Field Details
-
AUTH_TYPE
-
-
Constructor Details
-
BasicAuthMarshaller
-
-
Method Details
-
getAuthType
Description copied from interface:AuthenticationRequestHandler
This handler can be referred to via both Arrow Flight's original Auth and Auth2. To use via the original Arrow Flight Handshake, the request should be sent in aWrappedAuthenticationRequest
with this handler's identity string. To use via Arrow Flight Auth 2's metadata header, then theAuth2Constants.AUTHORIZATION_HEADER
should be prefixed with this handler's identity string.- Specified by:
getAuthType
in interfaceAuthenticationRequestHandler
- Returns:
- the type string used to identify the handler
-
initialize
Description copied from interface:AuthenticationRequestHandler
Initialize request handler with the provided url.- Specified by:
initialize
in interfaceAuthenticationRequestHandler
- Parameters:
targetUrl
- the base url of the hosted UI
-
login
public Optional<AuthContext> login(long protocolVersion, ByteBuffer payload, AuthenticationRequestHandler.HandshakeResponseListener listener) throws AuthenticationException Description copied from interface:AuthenticationRequestHandler
Given a protocol version (very likely to be zero) and payload bytes, if possible authenticate this user. If the handler can correctly decode the payload and confirm the user's identity, an appropriate UserContext should be returned. If the payload is correctly decoded and definitely isn't a valid user, an exception may be thrown. If there is ambiguity in decoding the payload (leading to apparent "not a valid user") or the payload cannot be decoded, an empty optional should be returned. Note that regular arrow flight clients cannot specify the protocolVersion; to be compatible with flight auth assume protocolVersion will be zero.- Specified by:
login
in interfaceAuthenticationRequestHandler
- Parameters:
protocolVersion
- Mostly unused, this is an allowed field to set on HandshakeRequests from the Flight gRPC call.payload
- The byte payload of the handshake, such as an encoded protobuf.listener
- The handshake response observer, which enables multi-request authentication.- Returns:
- AuthContext for this user if applicable else Empty
- Throws:
AuthenticationException
-
login
public Optional<AuthContext> login(String payload, AuthenticationRequestHandler.MetadataResponseListener listener) throws AuthenticationException Description copied from interface:AuthenticationRequestHandler
Given a payload string, if possible authenticate this user. If the handler can correctly decode the payload and confirm the user's identity, an appropriate UserContext should be returned. If the payload is correctly decoded and definitely isn't a valid user, an exception may be thrown. If there is ambiguity in decoding the payload (leading to apparent "not a valid user") or the payload cannot be decoded, an empty optional should be returned. Note that metadata can only be sent with the initial gRPC response; multi-message authentication via gRPC metadata headers require multiple gRPC call attempts.- Specified by:
login
in interfaceAuthenticationRequestHandler
- Parameters:
payload
- The byte payload of theAuthorization
header, such as an encoded protobuf or b64 encoded string.listener
- The metadata response observer, which enables multi-request authentication.- Returns:
- AuthContext for this user if applicable else Empty
- Throws:
AuthenticationException
-