ceph/src/arrow/java/flight/flight-core/src/main/java/org/apache/arrow/flight/auth2/BearerTokenAuthenticator.java

   1 /*
   2  * Licensed to the Apache Software Foundation (ASF) under one or more
   3  * contributor license agreements.  See the NOTICE file distributed with
   4  * this work for additional information regarding copyright ownership.
   5  * The ASF licenses this file to You under the Apache License, Version 2.0
   6  * (the "License"); you may not use this file except in compliance with
   7  * the License.  You may obtain a copy of the License at
   8  *
   9  *    http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  * Unless required by applicable law or agreed to in writing, software
  12  * distributed under the License is distributed on an "AS IS" BASIS,
  13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  * See the License for the specific language governing permissions and
  15  * limitations under the License.
  16  */
  17
  18 package org.apache.arrow.flight.auth2;
  19
  20 import org.apache.arrow.flight.CallHeaders;
  21
  22 /**
  23  * Partial implementation of {@link CallHeaderAuthenticator} for bearer-token based authentication.
  24  */
  25 public abstract class BearerTokenAuthenticator implements CallHeaderAuthenticator {
  26
  27   final CallHeaderAuthenticator initialAuthenticator;
  28
  29   public BearerTokenAuthenticator(CallHeaderAuthenticator initialAuthenticator) {
  30     this.initialAuthenticator = initialAuthenticator;
  31   }
  32
  33   @Override
  34   public AuthResult authenticate(CallHeaders incomingHeaders) {
  35     // Check if headers contain a bearer token and if so, validate the token.
  36     final String bearerToken =
  37         AuthUtilities.getValueFromAuthHeader(incomingHeaders, Auth2Constants.BEARER_PREFIX);
  38     if (bearerToken != null) {
  39       return validateBearer(bearerToken);
  40     }
  41
  42     // Delegate to the basic auth handler to do the validation.
  43     final CallHeaderAuthenticator.AuthResult result = initialAuthenticator.authenticate(incomingHeaders);
  44     return getAuthResultWithBearerToken(result);
  45   }
  46
  47   /**
  48    * Callback to run when the initial authenticator succeeds.
  49    * @param authResult A successful initial authentication result.
  50    * @return an alternate AuthResult based on the original AuthResult that will write a bearer token to output headers.
  51    */
  52   protected abstract AuthResult getAuthResultWithBearerToken(AuthResult authResult);
  53
  54   /**
  55    * Validate the bearer token.
  56    * @param bearerToken The bearer token to validate.
  57    * @return A successful AuthResult if validation succeeded.
  58    * @throws Exception If the token validation fails.
  59    */
  60   protected abstract AuthResult validateBearer(String bearerToken);
  61
  62 }