2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package org
.apache
.arrow
.flight
.auth2
;
20 import org
.apache
.arrow
.flight
.CallHeaders
;
23 * Partial implementation of {@link CallHeaderAuthenticator} for bearer-token based authentication.
25 public abstract class BearerTokenAuthenticator
implements CallHeaderAuthenticator
{
27 final CallHeaderAuthenticator initialAuthenticator
;
29 public BearerTokenAuthenticator(CallHeaderAuthenticator initialAuthenticator
) {
30 this.initialAuthenticator
= initialAuthenticator
;
34 public AuthResult
authenticate(CallHeaders incomingHeaders
) {
35 // Check if headers contain a bearer token and if so, validate the token.
36 final String bearerToken
=
37 AuthUtilities
.getValueFromAuthHeader(incomingHeaders
, Auth2Constants
.BEARER_PREFIX
);
38 if (bearerToken
!= null) {
39 return validateBearer(bearerToken
);
42 // Delegate to the basic auth handler to do the validation.
43 final CallHeaderAuthenticator
.AuthResult result
= initialAuthenticator
.authenticate(incomingHeaders
);
44 return getAuthResultWithBearerToken(result
);
48 * Callback to run when the initial authenticator succeeds.
49 * @param authResult A successful initial authentication result.
50 * @return an alternate AuthResult based on the original AuthResult that will write a bearer token to output headers.
52 protected abstract AuthResult
getAuthResultWithBearerToken(AuthResult authResult
);
55 * Validate the bearer token.
56 * @param bearerToken The bearer token to validate.
57 * @return A successful AuthResult if validation succeeded.
58 * @throws Exception If the token validation fails.
60 protected abstract AuthResult
validateBearer(String bearerToken
);