1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied. See the License for the
15 // specific language governing permissions and limitations
18 /// \brief Server-side APIs to implement authentication for Flight.
24 #include "arrow/flight/visibility.h"
25 #include "arrow/status.h"
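/// \brief A reader for messages from the client during an
/// authentication handshake.
///
/// Everything obtained through Read() was sent by a peer that has not
/// been authenticated yet, so handlers should treat it as untrusted input.
//
// NOTE(review): this listing had lost the `public:` specifier and the
// closing `};`, and had gutter line numbers fused into the declarations.
// They are restored here; confirm against the upstream header.
class ARROW_FLIGHT_EXPORT ServerAuthReader {
 public:
  virtual ~ServerAuthReader() = default;

  /// \brief Read one handshake message sent by the client.
  /// \param[out] token Receives the client's message.
  /// \return A Status describing the outcome; presumably OK on success
  /// (the contract is not stated in this header).
  virtual Status Read(std::string* token) = 0;
};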
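/// \brief A writer for messages to the client during an
/// authentication handshake.
///
/// Messages written here go to a peer whose identity has not been
/// established yet; avoid putting secrets or detailed failure reasons
/// in them.
//
// NOTE(review): this listing had lost the `public:` specifier and the
// closing `};`, and had gutter line numbers fused into the declarations.
// They are restored here; confirm against the upstream header.
class ARROW_FLIGHT_EXPORT ServerAuthSender {
 public:
  virtual ~ServerAuthSender() = default;

  /// \brief Send one handshake message to the client.
  /// \param[in] message The message to send.
  /// \return A Status describing the outcome; presumably OK on success
  /// (the contract is not stated in this header).
  virtual Status Write(const std::string& message) = 0;
};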
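/// \brief An authentication implementation for a Flight service.
/// Authentication includes both an initial negotiation and a per-call
/// token validation. Implementations may choose to use either or both
/// of these.
///
/// An implementation may need to track some state, e.g. a mapping of
/// client tokens to authenticated identities.
//
// NOTE(review): if the server can invoke one handler from several calls
// at once, that state needs synchronization -- confirm against the
// server implementation, which is not visible in this header.
//
// NOTE(review): this listing had lost the `public:` specifier and the
// closing `};`, had gutter line numbers fused into the declarations, and
// had two comment sentences cut short. They are restored here; confirm
// against the upstream header.
class ARROW_FLIGHT_EXPORT ServerAuthHandler {
 public:
  virtual ~ServerAuthHandler();

  /// \brief Authenticate the client on initial connection. The server
  /// can send and read responses from the client at any time.
  ///
  /// Data read from \p incoming comes from an unauthenticated peer and
  /// must be validated before it is used or stored.
  ///
  /// \param[in] outgoing Channel for messages to the client.
  /// \param[in] incoming Channel for messages from the client.
  /// \return A Status describing the outcome; presumably a non-OK status
  /// rejects the handshake (the contract is not stated in this header).
  virtual Status Authenticate(ServerAuthSender* outgoing,
                              ServerAuthReader* incoming) = 0;

  /// \brief Validate a per-call client token.
  ///
  /// Because \p token may be empty, an implementation that requires
  /// authentication has to reject the empty string explicitly rather
  /// than use it as a lookup key. When the token is compared against a
  /// stored secret, prefer a constant-time comparison.
  ///
  /// \param[in] token The client token. May be the empty string if
  /// the client does not provide a token.
  /// \param[out] peer_identity The identity of the peer, if this
  /// authentication method supports it. Implementations should only
  /// fill it in for a token they accept.
  /// \return Status OK if the token is valid, any other status if
  /// it is not.
  virtual Status IsValid(const std::string& token,
                         std::string* peer_identity) = 0;
};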
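/// \brief An authentication mechanism that does nothing.
///
/// This handler performs no authentication. Its implementation is not in
/// this header, but given the description a service using it presumably
/// accepts every client and every token. Use it only where access is
/// restricted by other means (for example network isolation or mutually
/// authenticated TLS), and do not rely on peer_identity for authorization
/// decisions when it is installed.
//
// NOTE(review): this listing had lost the `public:` specifier and the
// closing `};`, and had gutter line numbers fused into the declarations.
// They are restored here; confirm against the upstream header.
class ARROW_FLIGHT_EXPORT NoOpAuthHandler : public ServerAuthHandler {
 public:
  ~NoOpAuthHandler() override;

  /// \brief Handshake hook of the no-op mechanism.
  /// \param[in] outgoing Channel for messages to the client.
  /// \param[in] incoming Channel for messages from the client.
  Status Authenticate(ServerAuthSender* outgoing,
                      ServerAuthReader* incoming) override;

  /// \brief Per-call token hook of the no-op mechanism.
  /// \param[in] token The client token; may be empty.
  /// \param[out] peer_identity The identity of the peer, if any is set.
  Status IsValid(const std::string& token,
                 std::string* peer_identity) override;
};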