Package io.deephaven.auth

Class AnonymousAuthenticationHandler

java.lang.Object

io.deephaven.auth.AnonymousAuthenticationHandler

All Implemented Interfaces:

AuthenticationRequestHandler

public class AnonymousAuthenticationHandler
extends Object
implements AuthenticationRequestHandler

Handler to accept an empty payload and accept that user as anonymous. To prevent anonymous access, do not enable this authentication handler.

Nested Class Summary

Nested classes/interfaces inherited from interface io.deephaven.auth.AuthenticationRequestHandler

AuthenticationRequestHandler.HandshakeResponseListener, AuthenticationRequestHandler.MetadataResponseListener

Constructor Summary

Constructors

Constructor	Description
AnonymousAuthenticationHandler()

Method Summary

Modifier and Type	Method	Description
String	getAuthType()	This handler can be referred to via both Arrow Flight's original Auth and Auth2.
void	initialize(String targetUrl)	Initialize request handler with the provided url.
Optional<AuthContext>	login(long protocolVersion, ByteBuffer payload, AuthenticationRequestHandler.HandshakeResponseListener listener)	Given a protocol version (very likely to be zero) and payload bytes, if possible authenticate this user.
Optional<AuthContext>	login(String payload, AuthenticationRequestHandler.MetadataResponseListener listener)	Given a payload string, if possible authenticate this user.
List<String>	urls(String targetUrl)	Return the targetUrl as the only valid url for this handler.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AnonymousAuthenticationHandler

public AnonymousAuthenticationHandler()

Method Details

getAuthType

public String getAuthType()

Description copied from interface: AuthenticationRequestHandler

This handler can be referred to via both Arrow Flight's original Auth and Auth2. To use via the original Arrow Flight Handshake, the request should be sent in a WrappedAuthenticationRequest with this handler's identity string. To use via Arrow Flight Auth 2's metadata header, then the Auth2Constants.AUTHORIZATION_HEADER should be prefixed with this handler's identity string.

Specified by:

getAuthType in interface AuthenticationRequestHandler

Returns:

the type string used to identify the handler

initialize

public void initialize(String targetUrl)

Description copied from interface: AuthenticationRequestHandler

Initialize request handler with the provided url.

Specified by:

initialize in interface AuthenticationRequestHandler

Parameters:

targetUrl - the base url of the hosted UI

urls

public List<String> urls(String targetUrl)

Return the targetUrl as the only valid url for this handler. With anonymous authentication there's no query parameters to add, so just return the targetUrl.

Specified by:

urls in interface AuthenticationRequestHandler

Parameters:

targetUrl - the base url of the hosted UI

Returns:

a list containing the targetUrl

login

public Optional<AuthContext> login(long protocolVersion,
 ByteBuffer payload,
 AuthenticationRequestHandler.HandshakeResponseListener listener)

Description copied from interface: AuthenticationRequestHandler

Given a protocol version (very likely to be zero) and payload bytes, if possible authenticate this user. If the handler can correctly decode the payload and confirm the user's identity, an appropriate UserContext should be returned. If the payload is correctly decoded and definitely isn't a valid user, an exception may be thrown. If there is ambiguity in decoding the payload (leading to apparent "not a valid user") or the payload cannot be decoded, an empty optional should be returned. Note that regular arrow flight clients cannot specify the protocolVersion; to be compatible with flight auth assume protocolVersion will be zero.

Specified by:

login in interface AuthenticationRequestHandler

Parameters:

protocolVersion - Mostly unused, this is an allowed field to set on HandshakeRequests from the Flight gRPC call.

payload - The byte payload of the handshake, such as an encoded protobuf.

listener - The handshake response observer, which enables multi-request authentication.

Returns:

AuthContext for this user if applicable else Empty

login

public Optional<AuthContext> login(String payload,
 AuthenticationRequestHandler.MetadataResponseListener listener)

Description copied from interface: AuthenticationRequestHandler

Given a payload string, if possible authenticate this user. If the handler can correctly decode the payload and confirm the user's identity, an appropriate UserContext should be returned. If the payload is correctly decoded and definitely isn't a valid user, an exception may be thrown. If there is ambiguity in decoding the payload (leading to apparent "not a valid user") or the payload cannot be decoded, an empty optional should be returned. Note that metadata can only be sent with the initial gRPC response; multi-message authentication via gRPC metadata headers require multiple gRPC call attempts.

Specified by:

login in interface AuthenticationRequestHandler

Parameters:

payload - The byte payload of the Authorization header, such as an encoded protobuf or b64 encoded string.

listener - The metadata response observer, which enables multi-request authentication.

Returns:

AuthContext for this user if applicable else Empty