Class PasswordAuthenticator.Builder
- Enclosing class:
PasswordAuthenticator
PasswordAuthenticator
.-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionallowedSaslMechanisms
(Set<SaslMechanism> allowedSaslMechanisms) Allows to set a list of allowed SASL mechanisms for the NON-TLS connections.build()
Creates thePasswordAuthenticator
based on the customization in this builder.This method acts as a shortcut toallowedSaslMechanisms(Set)
which addsSaslMechanism.PLAIN
to the allowed mechanism list for NON TLS connections.This method will ONLY enable the PLAIN SASL mechanism (useful for LDAP enabled environments).Deprecated.Please specify the password when creating the builder, using one of the "See Also" methods.Deprecated.This method does not support returning username and password as an atomic unit.Deprecated.Please specify the username when creating the builder, using one of the "See Also" methods.Deprecated.This method does not support returning username and password as an atomic unit.
-
Constructor Details
-
Builder
Deprecated.Please useBuilder(java.lang.String,java.lang.String)
orBuilder(java.util.function.Supplier<com.couchbase.client.core.env.UsernameAndPassword>)
instead.
-
-
Method Details
-
username
Deprecated.Please specify the username when creating the builder, using one of the "See Also" methods.Specifies a static username that will be used for all authentication purposes.- Parameters:
username
- the username to use.- Returns:
- this builder for chaining purposes.
- See Also:
-
username
Deprecated.This method does not support returning username and password as an atomic unit. Please usePasswordAuthenticator.builder(Supplier)
instead.Specifies a dynamic username that will be used for all authentication purposes. This enables updating credentials without having to restart your application.IMPORTANT: The supplier's
get()
method must not do blocking IO. SeePasswordAuthenticator.builder(Supplier)
for details about why this is important, and what to do instead of blocking IO.- Parameters:
username
- A supplier that returns the username to use.- Returns:
- this builder for chaining purposes.
-
password
Deprecated.Please specify the password when creating the builder, using one of the "See Also" methods.Specifies a static password that will be used for all authentication purposes.- Parameters:
password
- the password to alongside for the username provided.- Returns:
- this builder for chaining purposes.
- See Also:
-
password
Deprecated.This method does not support returning username and password as an atomic unit. Please usePasswordAuthenticator.builder(Supplier)
instead.Specifies a dynamic password that will be used for all authentication purposes.Every time the SDK needs to authenticate against the server, it will re-evaluate the supplier. This means that you can pass in a supplier that dynamically loads a password from a (remote) source without taking the application down on a restart.
It is VERY IMPORTANT that this supplier must not block on IO. It is called in async contexts and blocking for a longer amount of time will stall SDK resources like async event loops.
- Parameters:
password
- the password to alongside for the username provided.- Returns:
- this builder for chaining purposes.
-
allowedSaslMechanisms
public PasswordAuthenticator.Builder allowedSaslMechanisms(Set<SaslMechanism> allowedSaslMechanisms) Allows to set a list of allowed SASL mechanisms for the NON-TLS connections.Note that if you add
SaslMechanism.PLAIN
to the list, this will cause credential leakage on the network since PLAIN sends the credentials in cleartext. It is disabled by default to prevent downgrade attacks. We recommend using a TLS connection instead.- Parameters:
allowedSaslMechanisms
- the list of allowed sasl mechs for non-tls connections.- Returns:
- this builder for chaining purposes.
-
enablePlainSaslMechanism
This method acts as a shortcut toallowedSaslMechanisms(Set)
which addsSaslMechanism.PLAIN
to the allowed mechanism list for NON TLS connections.Please note that this is INSECURE and will leak user credentials on the wire to eavesdroppers. This should only be enabled in trusted environments - we recommend connecting via TLS to the cluster instead.
If you are running an LDAP enabled environment, please use
onlyEnablePlainSaslMechanism()
instead!- Returns:
- this builder for chaining purposes.
-
onlyEnablePlainSaslMechanism
This method will ONLY enable the PLAIN SASL mechanism (useful for LDAP enabled environments).Please note that this is INSECURE and will leak user credentials on the wire to eavesdroppers. This should only be enabled in trusted environments - we recommend connecting via TLS to the cluster instead.
You might also want to consider using the static constructor method
PasswordAuthenticator.ldapCompatible(String, String)
as a shortcut.- Returns:
- this builder for chaining purposes.
-
build
Creates thePasswordAuthenticator
based on the customization in this builder.- Returns:
- the created password authenticator instance.
-
Builder(java.lang.String,java.lang.String)
orBuilder(java.util.function.Supplier<com.couchbase.client.core.env.UsernameAndPassword>)
instead.