lhotari commented on code in PR #24944:
URL: https://github.com/apache/pulsar/pull/24944#discussion_r2509768613
##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/FlowBase.java:
##########
@@ -18,31 +18,80 @@
*/
package org.apache.pulsar.client.impl.auth.oauth2;
+import io.netty.handler.ssl.SslContextBuilder;
+import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Map;
+import javax.net.ssl.SSLException;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
+import org.apache.pulsar.PulsarVersion;
import org.apache.pulsar.client.api.PulsarClientException;
import
org.apache.pulsar.client.impl.auth.oauth2.protocol.DefaultMetadataResolver;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.Metadata;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.MetadataResolver;
+import org.asynchttpclient.AsyncHttpClient;
+import org.asynchttpclient.DefaultAsyncHttpClient;
+import org.asynchttpclient.DefaultAsyncHttpClientConfig;
/**
* An abstract OAuth 2.0 authorization flow.
*/
@Slf4j
abstract class FlowBase implements Flow {
+ public static final String CONFIG_PARAM_CONNECT_TIMEOUT = "connectTimeout";
+ public static final String CONFIG_PARAM_READ_TIMEOUT = "readTimeout";
+ public static final String CONFIG_PARAM_TRUST_CERTS_FILE_PATH =
"trustCertsFilePath";
+
+ protected static final int DEFAULT_CONNECT_TIMEOUT_IN_SECONDS = 10;
+ protected static final int DEFAULT_READ_TIMEOUT_IN_SECONDS = 30;
+
private static final long serialVersionUID = 1L;
protected final URL issuerUrl;
+ protected final AsyncHttpClient httpClient;
protected transient Metadata metadata;
- protected FlowBase(URL issuerUrl) {
+ protected FlowBase(URL issuerUrl, Integer connectTimeout, Integer
readTimeout, String trustCertsFilePath) {
this.issuerUrl = issuerUrl;
+ this.httpClient = defaultHttpClient(readTimeout, connectTimeout,
trustCertsFilePath);
+ }
+
+ private AsyncHttpClient defaultHttpClient(Integer readTimeout, Integer
connectTimeout, String trustCertsFilePath) {
+ DefaultAsyncHttpClientConfig.Builder confBuilder = new
DefaultAsyncHttpClientConfig.Builder();
+ confBuilder.setCookieStore(null);
+ confBuilder.setUseProxyProperties(true);
+ confBuilder.setFollowRedirect(true);
+ confBuilder.setConnectTimeout(
Review Comment:
please check
https://github.com/apache/pulsar-site/pull/1052/files#r2509758571 and the
earlier comment about adding javadoc for connectTimeout/readTimeout
##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/AuthenticationFactoryOAuth2.java:
##########
@@ -31,35 +31,101 @@ public final class AuthenticationFactoryOAuth2 {
/**
* Authenticate with client credentials.
*
- * @param issuerUrl the issuer URL
+ * @param issuerUrl the issuer URL
* @param credentialsUrl the credentials URL
- * @param audience An optional field. The audience identifier used by some
Identity Providers, like Auth0.
+ * @param audience An optional field. The audience identifier used
by some Identity Providers, like Auth0.
* @return an Authentication object
*/
public static Authentication clientCredentials(URL issuerUrl, URL
credentialsUrl, String audience) {
- return clientCredentials(issuerUrl, credentialsUrl, audience, null);
+ return
clientCredentialsBuilder().issuerUrl(issuerUrl).credentialsUrl(credentialsUrl).audience(audience)
+ .build();
}
/**
* Authenticate with client credentials.
*
- * @param issuerUrl the issuer URL
+ * @param issuerUrl the issuer URL
* @param credentialsUrl the credentials URL
- * @param audience An optional field. The audience identifier used by some
Identity Providers, like Auth0.
- * @param scope An optional field. The value of the scope parameter is
expressed as a list of space-delimited,
- * case-sensitive strings. The strings are defined by the
authorization server.
- * If the value contains multiple space-delimited strings,
their order does not matter,
- * and each string adds an additional access range to the
requested scope.
- * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
+ * @param audience An optional field. The audience identifier used
by some Identity Providers, like Auth0.
+ * @param scope An optional field. The value of the scope
parameter is expressed as a list of
+ * space-delimited,
+ * case-sensitive strings. The strings are defined
by the authorization server.
+ * If the value contains multiple space-delimited
strings, their order does not matter,
+ * and each string adds an additional access range
to the requested scope.
+ * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
* @return an Authentication object
*/
public static Authentication clientCredentials(URL issuerUrl, URL
credentialsUrl, String audience, String scope) {
- ClientCredentialsFlow flow = ClientCredentialsFlow.builder()
- .issuerUrl(issuerUrl)
- .privateKey(credentialsUrl.toExternalForm())
- .audience(audience)
- .scope(scope)
- .build();
- return new AuthenticationOAuth2(flow, Clock.systemDefaultZone());
+ return
clientCredentialsBuilder().issuerUrl(issuerUrl).credentialsUrl(credentialsUrl).audience(audience)
+ .scope(scope).build();
}
+
+ public static ClientCredentialsBuilder clientCredentialsBuilder() {
+ return new ClientCredentialsBuilder();
+ }
+
+ public static class ClientCredentialsBuilder {
+
+ private URL issuerUrl;
+ private URL credentialsUrl;
+ private String audience;
+ private String scope;
+ private Integer connectTimeout;
+ private Integer readTimeout;
+ private String trustCertsFilePath;
+
+ private ClientCredentialsBuilder() {
+ }
+
+ public ClientCredentialsBuilder issuerUrl(URL issuerUrl) {
+ this.issuerUrl = issuerUrl;
+ return this;
+ }
+
+ public ClientCredentialsBuilder credentialsUrl(URL credentialsUrl) {
+ this.credentialsUrl = credentialsUrl;
+ return this;
+ }
+
+ public ClientCredentialsBuilder audience(String audience) {
+ this.audience = audience;
+ return this;
+ }
+
+ public ClientCredentialsBuilder scope(String scope) {
+ this.scope = scope;
+ return this;
+ }
+
+ public ClientCredentialsBuilder connectTimeout(Integer connectTimeout)
{
+ this.connectTimeout = connectTimeout;
+ return this;
+ }
+
+ public ClientCredentialsBuilder readTimeout(Integer readTimeout) {
+ this.readTimeout = readTimeout;
+ return this;
+ }
+
+ public ClientCredentialsBuilder trustCertsFilePath(String
trustCertsFilePath) {
+ this.trustCertsFilePath = trustCertsFilePath;
+ return this;
+ }
+
+ public Authentication build() {
Review Comment:
please add javadoc to these methods. One useful detail is to document the
unit for connectTimeout/readTimeout, that the unit is in seconds or
milliseconds.
https://github.com/apache/pulsar-site/pull/1052/files#r2509758571
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
