Package com.couchbase.client.core.env

Class PasswordAuthenticator.Builder

java.lang.Object

com.couchbase.client.core.env.PasswordAuthenticator.Builder

Enclosing class:

PasswordAuthenticator

public static class PasswordAuthenticator.Builder
extends Object

Provides customization to the PasswordAuthenticator.

Constructor Summary

Constructors

Constructor	Description
Builder()

Method Summary

Modifier and Type	Method	Description
PasswordAuthenticator.Builder	allowedSaslMechanisms(Set<SaslMechanism> allowedSaslMechanisms)	Allows to set a list of allowed SASL mechanisms for the NON-TLS connections.
PasswordAuthenticator	build()	Creates the PasswordAuthenticator based on the customization in this builder.
PasswordAuthenticator.Builder	enablePlainSaslMechanism()	This method acts as a shortcut to allowedSaslMechanisms(Set) which adds SaslMechanism.PLAIN to the allowed mechanism list for NON TLS connections.
PasswordAuthenticator.Builder	onlyEnablePlainSaslMechanism()	This method will ONLY enable the PLAIN SASL mechanism (useful for LDAP enabled environments).
PasswordAuthenticator.Builder	password(String password)	Specifies a static password that will be used for all authentication purposes.
PasswordAuthenticator.Builder	password(Supplier<String> password)	Specifies a dynamic password that will be used for all authentication purposes.
PasswordAuthenticator.Builder	username(String username)	Specifies a static username that will be used for all authentication purposes.
PasswordAuthenticator.Builder	username(Supplier<String> username)	Specifies a dynamic username that will be used for all authentication purposes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder()

Method Detail

username

public PasswordAuthenticator.Builder username(String username)

Specifies a static username that will be used for all authentication purposes.

Parameters:

username - the username to use.

Returns:

this builder for chaining purposes.

username

public PasswordAuthenticator.Builder username(Supplier<String> username)

Specifies a dynamic username that will be used for all authentication purposes.

Every time the SDK needs to authenticate against the server, it will re-evaluate the supplier. This means that you can pass in a supplier that dynamically loads a username from a (remote) source without taking the application down on a restart.

It is VERY IMPORTANT that this supplier must not block on IO. It is called in async contexts and blocking for a longer amount of time will stall SDK resources like async event loops.

Parameters:

username - the username to use.

Returns:

this builder for chaining purposes.

password

public PasswordAuthenticator.Builder password(String password)

Specifies a static password that will be used for all authentication purposes.

Parameters:

password - the password to alongside for the username provided.

Returns:

this builder for chaining purposes.

password

public PasswordAuthenticator.Builder password(Supplier<String> password)

Specifies a dynamic password that will be used for all authentication purposes.

Every time the SDK needs to authenticate against the server, it will re-evaluate the supplier. This means that you can pass in a supplier that dynamically loads a password from a (remote) source without taking the application down on a restart.

It is VERY IMPORTANT that this supplier must not block on IO. It is called in async contexts and blocking for a longer amount of time will stall SDK resources like async event loops.

Parameters:

password - the password to alongside for the username provided.

Returns:

this builder for chaining purposes.

allowedSaslMechanisms

public PasswordAuthenticator.Builder allowedSaslMechanisms(Set<SaslMechanism> allowedSaslMechanisms)

Allows to set a list of allowed SASL mechanisms for the NON-TLS connections.

Note that if you add SaslMechanism.PLAIN to the list, this will cause credential leakage on the network since PLAIN sends the credentials in cleartext. It is disabled by default to prevent downgrade attacks. We recommend using a TLS connection instead.

Parameters:

allowedSaslMechanisms - the list of allowed sasl mechs for non-tls connections.

Returns:

this builder for chaining purposes.

enablePlainSaslMechanism

public PasswordAuthenticator.Builder enablePlainSaslMechanism()

This method acts as a shortcut to allowedSaslMechanisms(Set) which adds SaslMechanism.PLAIN to the allowed mechanism list for NON TLS connections.

Please note that this is INSECURE and will leak user credentials on the wire to eavesdroppers. This should only be enabled in trusted environments - we recommend connecting via TLS to the cluster instead.

If you are running an LDAP enabled environment, please use onlyEnablePlainSaslMechanism() instead!

Returns:

this builder for chaining purposes.

onlyEnablePlainSaslMechanism

public PasswordAuthenticator.Builder onlyEnablePlainSaslMechanism()

This method will ONLY enable the PLAIN SASL mechanism (useful for LDAP enabled environments).

Please note that this is INSECURE and will leak user credentials on the wire to eavesdroppers. This should only be enabled in trusted environments - we recommend connecting via TLS to the cluster instead.

You might also want to consider using the static constructor method PasswordAuthenticator.ldapCompatible(String, String) as a shortcut.

Returns:

this builder for chaining purposes.

build

public PasswordAuthenticator build()

Creates the PasswordAuthenticator based on the customization in this builder.

Returns:

the created password authenticator instance.