public interface CallHeaderAuthenticator
ServerCallHeaderAuthMiddleware to validate headers sent by a Flight
client for authentication purposes. The headers validated do not necessarily have to be Authorization headers.
The workflow is that the FlightServer will intercept headers on a request, validate the headers, and
either send back an UNAUTHENTICATED error, or succeed and potentially send back additional headers to the client.
Implementations of CallHeaderAuthenticator should take care not to provide leak confidential details (such as
indicating if usernames are valid or not) for security reasons when reporting errors back to clients.
Example CallHeaderAuthenticators provided include:
The BasicCallHeaderAuthenticator will authenticate basic HTTP credentials.
The BearerTokenAuthenticator will authenticate basic HTTP credentials initially, then also send back a
bearer token that the client can use for subsequent requests. The GeneratedBearerTokenAuthenticator will
provide internally generated bearer tokens and maintain a cache of them.| Modifier and Type | Interface and Description |
|---|---|
static interface |
CallHeaderAuthenticator.AuthResult
Encapsulates the result of the
CallHeaderAuthenticator analysis of headers. |
| Modifier and Type | Field and Description |
|---|---|
static CallHeaderAuthenticator |
NO_OP
An auth handler that does nothing.
|
| Modifier and Type | Method and Description |
|---|---|
CallHeaderAuthenticator.AuthResult |
authenticate(CallHeaders incomingHeaders)
Validate the auth headers sent by the client.
|
static final CallHeaderAuthenticator NO_OP
CallHeaderAuthenticator.AuthResult authenticate(CallHeaders incomingHeaders)
incomingHeaders - The incoming headers to authenticate.FlightRuntimeException - with CallStatus.UNAUTHENTICATED if credentials were not supplied
or if credentials were supplied but were not valid.Copyright © 2023 The Apache Software Foundation. All rights reserved.