moved new values validation to CredentialsManager

chernser · chernser · commit f47976386931 · 2026-05-01T17:36:54.000+09:00
diff --git a/client-v2/src/main/java/com/clickhouse/client/api/Client.java b/client-v2/src/main/java/com/clickhouse/client/api/Client.java
@@ -106,7 +106,7 @@
  *
  *
  * <p>Client is thread-safe. It uses exclusive set of object to perform an operation.
- * Exception is client global authentication configuration. Application should handle it in the way it is designed./p>
+ * Exception is client global authentication configuration. Application should handle it in the way it is designed.</p>
  *
  */
 public class Client implements AutoCloseable {
@@ -2182,6 +2182,7 @@ public Collection<String> getDBRoles() {
         return unmodifiableDbRolesView;
     }
 
+
     /**
      * Updates Bearer token for other requests.
      * This method is not thread-safe with respect to other credential updates
@@ -2191,9 +2192,7 @@ public Collection<String> getDBRoles() {
      * @param bearer - token to use without {@code "Bearer"} prefix.
      */
     public void updateBearerToken(String bearer) {
-        if (!credentialsManager.isHasAccessToken()) {
-            throw new ClientMisconfigurationException("Authentication type cannot be switch at runtime");
-        }
+        ValidationUtils.checkNonBlank(bearer, "Bearer token");
         updateAccessToken(CredentialsManager.AUTH_HEADER_BEARER_PREFIX + bearer);
     }
 
@@ -2208,9 +2207,6 @@ public void updateBearerToken(String bearer) {
      * @throws ClientMisconfigurationException if another authentication type in use.
      */
     public void updateUserAndPassword(String username, String password) {
-        if (!credentialsManager.isHasUserPassword()) {
-            throw new ClientMisconfigurationException("Authentication type cannot be switch at runtime");
-        }
         this.credentialsManager.setCredentials(username, password);
     }
 
@@ -2223,9 +2219,6 @@ public void updateUserAndPassword(String username, String password) {
      * @param accessToken - plain text access token
      */
     public void updateAccessToken(String accessToken) {
-        if (!credentialsManager.isHasAccessToken()) {
-            throw new ClientMisconfigurationException("Authentication type cannot be switch at runtime");
-        }
         this.credentialsManager.setAccessToken(accessToken);
     }
 
diff --git a/client-v2/src/main/java/com/clickhouse/client/api/internal/CredentialsManager.java b/client-v2/src/main/java/com/clickhouse/client/api/internal/CredentialsManager.java
@@ -7,7 +7,6 @@
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Objects;
 import java.util.concurrent.atomic.AtomicReference;
 
 /**
@@ -35,8 +34,8 @@ public CredentialsManager(Map<String, String> config) {
         boolean hasAuthHeader = isCustomAuthHeader(config);
 
         final long authMethodsCount = Arrays
-                .stream(new Boolean[] {hasUserPassword, hasAccessToken, sslAuthEnabled, hasAuthHeader})
-                .filter(b-> b).count();
+                .stream(new Boolean[]{hasUserPassword, hasAccessToken, sslAuthEnabled, hasAuthHeader})
+                .filter(b -> b).count();
 
         String username = config.get(ClientConfigProperties.USER.getKey());
         if (authMethodsCount == 1 && !hasAuthHeader) {
@@ -64,26 +63,25 @@ public CredentialsManager(Map<String, String> config) {
         }
     }
 
-    public boolean isHasAccessToken() {
-        return hasAccessToken;
-    }
-
-    public boolean isHasUserPassword() {
-        return hasUserPassword;
-    }
-
     public void applyCredentials(Map<String, Object> target) {
         Map<String, Object> properties = authConfig.get();
         target.putAll(properties);
     }
 
+    private static final String AUTH_CANNOT_BE_SWITCHED_ERR_MSG = "Authentication type cannot be switched at runtime";
+
     /**
      * Replaces the current username/password credentials.
      *
      * <p>This class does not synchronize credential updates. Callers must
      * serialize updates and request execution if they require thread safety.
      */
     public void setCredentials(String username, String password) {
+        ValidationUtils.checkNonBlank(username, "username");
+        ValidationUtils.checkNonBlank(password, "password");
+        if (!hasUserPassword) {
+            throw new ClientMisconfigurationException(AUTH_CANNOT_BE_SWITCHED_ERR_MSG);
+        }
         updateBackedConfig(username, password, false, null);
     }
 
@@ -94,6 +92,10 @@ public void setCredentials(String username, String password) {
      * serialize updates and request execution if they require thread safety.
      */
     public void setAccessToken(String accessToken) {
+        if (!hasAccessToken) {
+            throw new ClientMisconfigurationException(AUTH_CANNOT_BE_SWITCHED_ERR_MSG);
+        }
+        ValidationUtils.checkNonBlank(accessToken, "accessToken");
         updateBackedConfig(null, null, false, accessToken);
     }
 
diff --git a/client-v2/src/test/java/com/clickhouse/client/HttpTransportTests.java b/client-v2/src/test/java/com/clickhouse/client/HttpTransportTests.java
@@ -3,21 +3,22 @@
 import com.clickhouse.client.api.Client;
 import com.clickhouse.client.api.ClientConfigProperties;
 import com.clickhouse.client.api.ClientException;
-import com.clickhouse.client.api.Session;
 import com.clickhouse.client.api.ClientFaultCause;
 import com.clickhouse.client.api.ClientMisconfigurationException;
 import com.clickhouse.client.api.ConnectionInitiationException;
 import com.clickhouse.client.api.ConnectionReuseStrategy;
 import com.clickhouse.client.api.ServerException;
+import com.clickhouse.client.api.Session;
 import com.clickhouse.client.api.command.CommandResponse;
 import com.clickhouse.client.api.command.CommandSettings;
 import com.clickhouse.client.api.data_formats.ClickHouseBinaryFormatReader;
 import com.clickhouse.client.api.enums.Protocol;
 import com.clickhouse.client.api.enums.ProxyType;
-import com.clickhouse.client.api.insert.InsertSettings;
 import com.clickhouse.client.api.insert.InsertResponse;
+import com.clickhouse.client.api.insert.InsertSettings;
 import com.clickhouse.client.api.internal.DataTypeConverter;
 import com.clickhouse.client.api.internal.ServerSettings;
+import com.clickhouse.client.api.internal.ValidationUtils;
 import com.clickhouse.client.api.query.GenericRecord;
 import com.clickhouse.client.api.query.QueryResponse;
 import com.clickhouse.client.api.query.QuerySettings;
@@ -57,6 +58,7 @@
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ThreadLocalRandom;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.regex.Pattern;
@@ -1047,8 +1049,9 @@ public void testBearerTokenAuth() throws Exception {
             return; // mocked server
         }
 
+        int randomPort = ThreadLocalRandom.current().nextInt(3000,65535);
         WireMockServer mockServer = new WireMockServer( WireMockConfiguration
-                .options().port(9090).notifier(new ConsoleNotifier(false)));
+                .options().port(randomPort).notifier(new ConsoleNotifier(false)));
         mockServer.start();
 
         try {
@@ -1108,14 +1111,95 @@ public void testBearerTokenAuth() throws Exception {
                         .build());
 
                 client.updateBearerToken(jwtToken2);
+                client.execute("SELECT 1").get();
+
+                Assert.expectThrows(ValidationUtils.SettingsValidationException.class, () -> client.updateBearerToken(null));
+                Assert.expectThrows(ValidationUtils.SettingsValidationException.class, () -> client.updateBearerToken(""));
+            }
+        } finally {
+            mockServer.stop();
+        }
+    }
+
+    @Test(groups = { "integration" })
+    public void testAccessTokenAuth() throws Exception {
+        if (isCloud()) {
+            return; // mocked server
+        }
+
+        int randomPort = ThreadLocalRandom.current().nextInt(3000,65535);
+        WireMockServer mockServer = new WireMockServer( WireMockConfiguration
+                .options().port(randomPort).notifier(new ConsoleNotifier(false)));
+        mockServer.start();
+
+        try {
+            String accessToken1 = Arrays.stream(
+                            new String[]{"header", "payload", "signature"})
+                    .map(s -> Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8)))
+                    .reduce((s1, s2) -> s1 + "." + s2).get();
+            try (Client client = new Client.Builder().addEndpoint(Protocol.HTTP, "localhost", mockServer.port(), false)
+                    .setAccessToken(accessToken1)
+                    .compressServerResponse(false)
+                    .build()) {
 
+                mockServer.addStubMapping(WireMock.post(WireMock.anyUrl())
+                        .withHeader("Authorization", WireMock.equalTo(accessToken1))
+                        .willReturn(WireMock.aResponse()
+                                .withHeader("X-ClickHouse-Summary",
+                                        "{ \"read_bytes\": \"10\", \"read_rows\": \"1\"}")).build());
+
+                try (QueryResponse response = client.query("SELECT 1").get(1, TimeUnit.SECONDS)) {
+                    Assert.assertEquals(response.getReadBytes(), 10);
+                } catch (Exception e) {
+                    Assert.fail("Unexpected exception", e);
+                }
+            }
+
+            String accessToken2 = Arrays.stream(
+                            new String[]{"header2", "payload2", "signature2"})
+                    .map(s -> Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8)))
+                    .reduce((s1, s2) -> s1 + "." + s2).get();
+
+            mockServer.resetAll();
+            mockServer.addStubMapping(WireMock.post(WireMock.anyUrl())
+                    .withHeader("Authorization", WireMock.equalTo(accessToken1))
+                    .willReturn(WireMock.aResponse()
+                            .withStatus(HttpStatus.SC_UNAUTHORIZED))
+                    .build());
+
+            try (Client client = new Client.Builder().addEndpoint(Protocol.HTTP, "localhost", mockServer.port(), false)
+                    .setAccessToken(accessToken1)
+                    .compressServerResponse(false)
+                    .build()) {
+
+                try {
+                    client.execute("SELECT 1").get();
+                    fail("Exception expected");
+                } catch (ServerException e) {
+                    Assert.assertEquals(e.getTransportProtocolCode(), HttpStatus.SC_UNAUTHORIZED);
+                }
+
+                mockServer.resetAll();
+                mockServer.addStubMapping(WireMock.post(WireMock.anyUrl())
+                        .withHeader("Authorization", WireMock.equalTo(accessToken2))
+                        .willReturn(WireMock.aResponse()
+                                .withHeader("X-ClickHouse-Summary",
+                                        "{ \"read_bytes\": \"10\", \"read_rows\": \"1\"}"))
+
+                        .build());
+
+                client.updateAccessToken(accessToken2);
                 client.execute("SELECT 1").get();
+
+                Assert.expectThrows(ValidationUtils.SettingsValidationException.class, () -> client.updateAccessToken(null));
+                Assert.expectThrows(ValidationUtils.SettingsValidationException.class, () -> client.updateAccessToken(""));
             }
         } finally {
             mockServer.stop();
         }
     }
 
+
     @Test(groups = { "integration" })
     public void testUpdateSessionIdAtRuntime() throws Exception {
         if (isCloud()) {
