blob: 179eac8dfbf675afce97da0650c910f04b8133ab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.zookeeper.server.auth;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.server.ServerCnxn;
/**
* This interface is implemented by authentication providers to add new kinds of
* authentication schemes to ZooKeeper.
*/
public interface AuthenticationProvider {
/**
* The String used to represent this provider. This will correspond to the
* scheme field of an Id.
*
* @return the scheme of this provider.
*/
String getScheme();
/**
* This method is called when a client passes authentication data for this
* scheme. The authData is directly from the authentication packet. The
* implementor may attach new ids to the authInfo field of cnxn or may use
* cnxn to send packets back to the client.
*
* @param cnxn
* the cnxn that received the authentication information.
* @param authData
* the authentication data received.
* @return TODO
*/
KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData);
/**
* This method is called to see if the given id matches the given id
* expression in the ACL. This allows schemes to use application specific
* wild cards.
*
* @param id
* the id to check.
* @param aclExpr
* the expression to match ids against.
* @return true if the id can be matched by the expression.
*/
boolean matches(String id, String aclExpr);
/**
* This method is used to check if the authentication done by this provider
* should be used to identify the creator of a node. Some ids such as hosts
* and ip addresses are rather transient and in general don't really
* identify a client even though sometimes they do.
*
* @return true if this provider identifies creators.
*/
boolean isAuthenticated();
/**
* Validates the syntax of an id.
*
* @param id
* the id to validate.
* @return true if id is well formed.
*/
boolean isValid(String id);
/**
* <param>id</param> represents the authentication info which is set in server connection.
* id may contain both user name as well as password.
* This method should be implemented to extract the user name.
*
* @param id authentication info set by client.
* @return String user name
*/
default String getUserName(String id) {
// Most of the authentication providers id contains only user name.
return id;
}
}
|
