Interface Authenticator.SaslNegotiator

  • Enclosing interface:
    Authenticator

    public static interface Authenticator.SaslNegotiator
    Performs the actual SASL negotiation for a single authentication attempt. SASL is stateful, so a new instance should be used for each attempt. Non-trivial implementations may delegate to an instance of SaslServer.
    • Method Summary

      Modifier and Type Method Description
      byte[] evaluateResponse(byte[] clientResponse)
      Evaluates the client response data and generates a byte[] reply which may be a further challenge or purely informational in the case that the negotiation is completed on this round.
      AuthenticatedUser getAuthenticatedUser()
      Following a successful negotiation, get the AuthenticatedUser representing the logged in subject.
      boolean isComplete()
      Called after each invocation of evaluateResponse(byte[]) to determine whether the authentication has completed successfully or should be continued.
    • Method Detail

      • evaluateResponse

        byte[] evaluateResponse(byte[] clientResponse)
                         throws AuthenticationException
        Evaluates the client response data and generates a byte[] reply, which may be a further challenge or purely informational if the negotiation completes on this round. This method is called each time a RequestMessage with an "op" code of "authenticate" is received from a client. After it is called, isComplete() is checked to determine whether the negotiation has finished. If so, an AuthenticatedUser is obtained by calling getAuthenticatedUser() and that user is associated with the active connection. If the negotiation is not yet complete, the byte[] is returned to the client as a further challenge in a ResponseMessage with ResponseStatusCode.AUTHENTICATE. This continues until the negotiation completes or an error is encountered.
        Throws:
        AuthenticationException
      • isComplete

        boolean isComplete()
        Called after each invocation of evaluateResponse(byte[]) to determine whether the authentication has completed successfully or should be continued.
        Returns:
        true if the authentication exchange has completed; false otherwise.
      • getAuthenticatedUser

        AuthenticatedUser getAuthenticatedUser()
                                        throws AuthenticationException
        Following a successful negotiation, gets the AuthenticatedUser representing the logged-in subject. This method should only be called if isComplete() returns true. It should never return null; implementations should always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option if authentication is not required.
        Throws:
        AuthenticationException
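
The contract described above, shown as an added example that is not part of the TinkerPop documentation or code base: a single-round SASL PLAIN negotiator implementing this interface. It assumes gremlin-server is on the classpath; the class name `PlainNegotiator` and the `verifier` credential check are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.function.BiPredicate;
import org.apache.tinkerpop.gremlin.server.auth.*;
/** Added example: single-round SASL PLAIN negotiator. Create one instance per attempt. */
public class PlainNegotiator implements Authenticator.SaslNegotiator {
    // Hypothetical credential check (for example a salted-hash lookup); not a TinkerPop API.
    private final BiPredicate<String, byte[]> verifier;
    private String username;   // set only after the verifier accepted the credentials
    private boolean complete;
    public PlainNegotiator(BiPredicate<String, byte[]> verifier) { this.verifier = verifier; }

    @Override
    public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException {
        // SASL is stateful: a completed exchange must not be reused on this instance.
        if (complete) throw new AuthenticationException("Negotiation already completed");
        if (clientResponse == null) throw new AuthenticationException("Missing SASL response");
        // PLAIN layout (RFC 4616): authzid NUL authcid NUL passwd; authzid is ignored here.
        int first = indexOfNul(clientResponse, 0);
        int second = first < 0 ? -1 : indexOfNul(clientResponse, first + 1);
        if (second < 0 || indexOfNul(clientResponse, second + 1) >= 0)
            throw new AuthenticationException("Malformed PLAIN message");
        String authcid = new String(clientResponse, first + 1, second - first - 1, StandardCharsets.UTF_8);
        byte[] passwd = Arrays.copyOfRange(clientResponse, second + 1, clientResponse.length);
        try {
            if (authcid.isEmpty() || passwd.length == 0 || !verifier.test(authcid, passwd))
                throw new AuthenticationException("Username and/or password are incorrect");
        } finally {
            Arrays.fill(passwd, (byte) 0);   // wipe the local copy of the secret
        }
        username = authcid;
        complete = true;
        return new byte[0];   // PLAIN finishes in one round; nothing further to challenge
    }

    @Override
    public boolean isComplete() { return complete; }

    @Override
    public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {
        // Never return null, and never hand out a user before the exchange has succeeded.
        if (!complete) throw new AuthenticationException("SASL negotiation is not complete");
        return new AuthenticatedUser(username);
    }

    private static int indexOfNul(byte[] data, int from) {
        for (int i = from; i < data.length; i++) if (data[i] == 0) return i;
        return -1;
    }
}
```

Every failure path throws AuthenticationException with the same generic message for bad username and bad password, so the reply does not reveal which of the two was wrong.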