turcsanyip commented on code in PR #10567:
URL: https://github.com/apache/nifi/pull/10567#discussion_r2571576304
##########
nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-service-shared/src/main/java/org/apache/nifi/kafka/service/security/OAuthBearerLoginCallbackHandler.java:
##########
@@ -72,20 +82,32 @@ public void configure(final Map<String, ?> configs, final
String saslMechanism,
this.accessTokenProvider = accessTokenProvider;
this.accessTokenValidator = new ClientJwtValidator();
this.accessTokenValidator.configure(configs, saslMechanism, List.of());
+
+ this.saslExtensions = options.entrySet().stream()
+ .filter(entry -> isSaslExtensionProperty(entry.getKey()))
+ .collect(Collectors.collectingAndThen(
+ Collectors.toMap(entry ->
removeSaslExtensionPropertyPrefix(entry.getKey()), entry ->
entry.getValue().toString()),
+ Collections::unmodifiableMap));
}
@Override
- public void handle(final Callback[] callbacks) {
+ public void handle(final Callback[] callbacks) throws
UnsupportedCallbackException {
for (final Callback callback : callbacks) {
if (callback instanceof OAuthBearerTokenCallback) {
handleTokenCallback((OAuthBearerTokenCallback) callback);
+ } else if (callback instanceof SaslExtensionsCallback) {
+ handleExtensionsCallback((SaslExtensionsCallback) callback);
+ } else {
+ throw new UnsupportedCallbackException(callback);
}
}
}
Review Comment:
@pvillard31 Thanks for highlighting this. The code template comes from
Kafka's built-in
[OAuthBearerLoginCallbackHandler](https://github.com/apache/kafka/blob/7311fe52a3b8b91c6406b89dd03232ab75936dd5/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/OAuthBearerLoginCallbackHandler.java#L227-L239)
and only these 2 types are handled there too. Also double checked
[OAuthBearerLoginModule](https://github.com/apache/kafka/blob/7311fe52a3b8b91c6406b89dd03232ab75936dd5/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/OAuthBearerLoginModule.java#L262C41-L262C56)
and I could not find other types there either.
The potential breaking change is valid and I can remove the
`UnsupportedCallbackException`. That's absolutely fine. I just did not
experience it during my tests and it is not clear for me where
`OAuthBearerExtensionsValidatorCallback` call comes from. Are you using a
standard Kafka?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
