public interface CallHeaderAuthenticator
ServerCallHeaderAuthMiddlewareto validate headers sent by a Flight client for authentication purposes. The headers validated do not necessarily have to be Authorization headers. The workflow is that the FlightServer will intercept headers on a request, validate the headers, and either send back an UNAUTHENTICATED error, or succeed and potentially send back additional headers to the client. Implementations of CallHeaderAuthenticator should take care not to provide leak confidential details (such as indicating if usernames are valid or not) for security reasons when reporting errors back to clients. Example CallHeaderAuthenticators provided include: The
BasicCallHeaderAuthenticatorwill authenticate basic HTTP credentials. The
BearerTokenAuthenticatorwill authenticate basic HTTP credentials initially, then also send back a bearer token that the client can use for subsequent requests. The
GeneratedBearerTokenAuthenticatorwill provide internally generated bearer tokens and maintain a cache of them.
|Modifier and Type||Interface and Description|
Encapsulates the result of the
|Modifier and Type||Field and Description|
An auth handler that does nothing.
static final CallHeaderAuthenticator NO_OP
CallHeaderAuthenticator.AuthResult authenticate(CallHeaders incomingHeaders)
incomingHeaders- The incoming headers to authenticate.
FlightRuntimeException- with CallStatus.UNAUTHENTICATED if credentials were not supplied or if credentials were supplied but were not valid.
Copyright © 2022 The Apache Software Foundation. All rights reserved.