Moved PrincipalMapper, CredentialsSupplier, Authenticator to ".auth" package

Author: artem-v

services-api/src/main/java/io/scalecube/services/ServiceInfo.java

@@ -1,6 +1,6 @@
 package io.scalecube.services;
 
-import io.scalecube.services.auth.Authenticator;
+import io.scalecube.services.auth.PrincipalMapper;
 import io.scalecube.services.exceptions.ServiceProviderErrorMapper;
 import io.scalecube.services.transport.api.ServiceMessageDataDecoder;
 import java.util.Collections;
@@ -17,15 +17,15 @@ public class ServiceInfo {
   private final Map<String, String> tags;
   private final ServiceProviderErrorMapper errorMapper;
   private final ServiceMessageDataDecoder dataDecoder;
-  private final Authenticator authenticator;
+  private final PrincipalMapper principalMapper;
   private final Logger logger;
 
   private ServiceInfo(Builder builder) {
     this.serviceInstance = builder.serviceInstance;
     this.tags = Collections.unmodifiableMap(new HashMap<>(builder.tags));
     this.errorMapper = builder.errorMapper;
     this.dataDecoder = builder.dataDecoder;
-    this.authenticator = builder.authenticator;
+    this.principalMapper = builder.principalMapper;
     this.logger = builder.logger;
   }
 
@@ -53,8 +53,8 @@ public ServiceMessageDataDecoder dataDecoder() {
     return dataDecoder;
   }
 
-  public Authenticator authenticator() {
-    return authenticator;
+  public PrincipalMapper principalMapper() {
+    return principalMapper;
   }
 
   public Logger logger() {
@@ -68,7 +68,7 @@ public String toString() {
         .add("tags=" + tags)
         .add("errorMapper=" + errorMapper)
         .add("dataDecoder=" + dataDecoder)
-        .add("authenticator=" + authenticator)
+        .add("principalMapper=" + principalMapper)
         .add("logger=" + logger)
         .toString();
   }
@@ -79,15 +79,15 @@ public static class Builder {
     private final Map<String, String> tags = new HashMap<>();
     private ServiceProviderErrorMapper errorMapper;
     private ServiceMessageDataDecoder dataDecoder;
-    private Authenticator authenticator;
+    private PrincipalMapper principalMapper;
     private Logger logger;
 
     private Builder(ServiceInfo serviceInfo) {
       this.serviceInstance = serviceInfo.serviceInstance;
       this.tags.putAll(new HashMap<>(serviceInfo.tags));
       this.errorMapper = serviceInfo.errorMapper;
       this.dataDecoder = serviceInfo.dataDecoder;
-      this.authenticator = serviceInfo.authenticator;
+      this.principalMapper = serviceInfo.principalMapper;
       this.logger = serviceInfo.logger;
     }
 
@@ -166,13 +166,13 @@ public Builder dataDecoder(ServiceMessageDataDecoder dataDecoder) {
     }
 
     /**
-     * Setter for {@code authenticator}. Overrides default {@code Microservices.authenticator}.
+     * Setter for {@code principalMapper}. Overrides default {@code Microservices.principalMapper}.
      *
-     * @param authenticator authenticator (optional)
+     * @param principalMapper principalMapper (optional)
      * @return this
      */
-    public Builder authenticator(Authenticator authenticator) {
-      this.authenticator = authenticator;
+    public Builder principalMapper(PrincipalMapper principalMapper) {
+      this.principalMapper = principalMapper;
       return this;
     }
 
@@ -190,9 +190,9 @@ Builder dataDecoderIfAbsent(ServiceMessageDataDecoder dataDecoder) {
       return this;
     }
 
-    Builder authenticatorIfAbsent(Authenticator authenticator) {
-      if (this.authenticator == null) {
-        return authenticator(authenticator);
+    Builder principalMapperIfAbsent(PrincipalMapper principalMapper) {
+      if (this.principalMapper == null) {
+        return principalMapper(principalMapper);
       }
       return this;
     }

services-api/src/main/java/io/scalecube/services/auth/Authenticator.java

@@ -1,10 +1,19 @@
 package io.scalecube.services.auth;
 
-import io.scalecube.services.RequestContext;
 import reactor.core.publisher.Mono;
 
+/**
+ * Service authentication interface to handle authentication of clients to the service. Result of
+ * authentication is abstract {@link Principal} with role and permissions.
+ */
 @FunctionalInterface
 public interface Authenticator {
 
-  Mono<Principal> authenticate(RequestContext requestContext);
+  /**
+   * Authenticates service clients by given credentials.
+   *
+   * @param credentials credentials
+   * @return result
+   */
+  Mono<Principal> authenticate(byte[] credentials);
 }

services-api/src/main/java/io/scalecube/services/auth/CredentialsSupplier.java

@@ -0,0 +1,19 @@
+package io.scalecube.services.auth;
+
+import reactor.core.publisher.Mono;
+
+/**
+ * Supplier of credentials for authentication with remote service. Implementations can use {@code
+ * byte[0]} to denote empty credentials.
+ */
+@FunctionalInterface
+public interface CredentialsSupplier {
+
+  /**
+   * Obtains credentials for the given service role.
+   *
+   * @param serviceRole serviceRole
+   * @return credentials
+   */
+  Mono<byte[]> credentials(String serviceRole);
+}

services-api/src/main/java/io/scalecube/services/auth/PrincipalMapper.java

@@ -0,0 +1,10 @@
+package io.scalecube.services.auth;
+
+import io.scalecube.services.RequestContext;
+import reactor.core.publisher.Mono;
+
+@FunctionalInterface
+public interface PrincipalMapper {
+
+  Mono<Principal> map(RequestContext requestContext);
+}

services-api/src/main/java/io/scalecube/services/auth/ServiceRolesProcessor.java

@@ -7,6 +7,7 @@
  * Handler for processing of service roles which come out of registered services. Used as
  * post-construction step in bootstraping of services.
  */
+@FunctionalInterface
 public interface ServiceRolesProcessor {
 
   /**

services-api/src/main/java/io/scalecube/services/methods/ServiceMethodInvoker.java

@@ -3,12 +3,12 @@
 import io.scalecube.services.CommunicationMode;
 import io.scalecube.services.RequestContext;
 import io.scalecube.services.api.ServiceMessage;
-import io.scalecube.services.auth.Authenticator;
 import io.scalecube.services.auth.Principal;
+import io.scalecube.services.auth.PrincipalMapper;
 import io.scalecube.services.exceptions.BadRequestException;
+import io.scalecube.services.exceptions.ForbiddenException;
 import io.scalecube.services.exceptions.ServiceException;
 import io.scalecube.services.exceptions.ServiceProviderErrorMapper;
-import io.scalecube.services.exceptions.UnauthorizedException;
 import io.scalecube.services.transport.api.ServiceMessageDataDecoder;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -27,7 +27,7 @@ public class ServiceMethodInvoker {
   private final MethodInfo methodInfo;
   private final ServiceProviderErrorMapper errorMapper;
   private final ServiceMessageDataDecoder dataDecoder;
-  private final Authenticator authenticator;
+  private final PrincipalMapper principalMapper;
   private final Logger logger;
 
   public ServiceMethodInvoker(
@@ -36,14 +36,14 @@ public ServiceMethodInvoker(
       MethodInfo methodInfo,
       ServiceProviderErrorMapper errorMapper,
       ServiceMessageDataDecoder dataDecoder,
-      Authenticator authenticator,
+      PrincipalMapper principalMapper,
       Logger logger) {
     this.method = Objects.requireNonNull(method, "method");
     this.service = Objects.requireNonNull(service, "service");
     this.methodInfo = Objects.requireNonNull(methodInfo, "methodInfo");
     this.errorMapper = Objects.requireNonNull(errorMapper, "errorMapper");
     this.dataDecoder = Objects.requireNonNull(dataDecoder, "dataDecoder");
-    this.authenticator = authenticator;
+    this.principalMapper = principalMapper;
     this.logger = logger;
   }
 
@@ -58,7 +58,7 @@ public Mono<ServiceMessage> invokeOne(ServiceMessage message) {
         .flatMap(
             context -> {
               final var request = toRequest(message);
-              return authenticate(context)
+              return mapPrincipal(context)
                   .flatMap(
                       principal ->
                           Mono.defer(() -> Mono.from(invokeRequest(request)))
@@ -99,7 +99,7 @@ public Flux<ServiceMessage> invokeMany(ServiceMessage message) {
         .flatMapMany(
             context -> {
               final var request = toRequest(message);
-              return authenticate(context)
+              return mapPrincipal(context)
                   .flatMapMany(
                       principal ->
                           Flux.defer(() -> Flux.from(invokeRequest(request)))
@@ -230,34 +230,34 @@ public MethodInfo methodInfo() {
     return methodInfo;
   }
 
-  public Authenticator authenticator() {
-    return authenticator;
+  public PrincipalMapper principalMapper() {
+    return principalMapper;
   }
 
-  private Mono<Principal> authenticate(RequestContext context) {
+  private Mono<Principal> mapPrincipal(RequestContext context) {
     if (!methodInfo.isSecured()) {
       return Mono.just(context.principal());
     }
 
-    if (authenticator == null) {
+    if (principalMapper == null) {
       if (context.hasPrincipal()) {
         return Mono.just(context.principal());
       } else {
-        throw new UnauthorizedException("Authentication failed");
+        throw new ForbiddenException("Insufficient permissions");
       }
     }
 
-    return authenticator
-        .authenticate(context)
+    return principalMapper
+        .map(context)
         .switchIfEmpty(Mono.just(context.principal()))
-        .onErrorMap(ServiceMethodInvoker::toUnauthorizedException);
+        .onErrorMap(ServiceMethodInvoker::toForbiddenException);
   }
 
-  private static UnauthorizedException toUnauthorizedException(Throwable ex) {
+  private static ForbiddenException toForbiddenException(Throwable ex) {
     if (ex instanceof ServiceException e) {
-      return new UnauthorizedException(e.errorCode(), e.getMessage());
+      return new ForbiddenException(e.errorCode(), e.getMessage());
     } else {
-      return new UnauthorizedException(ex);
+      return new ForbiddenException(ex);
     }
   }
 }

services-api/src/main/java/io/scalecube/services/routing/StaticAddressRouter.java

@@ -5,10 +5,9 @@
 import io.scalecube.services.ServiceReference;
 import io.scalecube.services.ServiceRegistration;
 import io.scalecube.services.api.ServiceMessage;
+import io.scalecube.services.auth.CredentialsSupplier;
 import io.scalecube.services.methods.ServiceMethodDefinition;
 import io.scalecube.services.registry.api.ServiceRegistry;
-import io.scalecube.services.transport.api.ClientTransport;
-import io.scalecube.services.transport.api.ClientTransport.CredentialsSupplier;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
@@ -70,10 +69,9 @@ public Builder address(Address address) {
     }
 
     /**
-     * Setter for whether to apply behavior of {@link ClientTransport.CredentialsSupplier}, or not.
-     * If it is known upfront that destination service is secured, then set this flag to {@code
-     * true}, in such case {@link CredentialsSupplier#credentials(ServiceReference, String)} will be
-     * invoked.
+     * Setter for whether to apply behavior of {@link CredentialsSupplier}, or not. If it is known
+     * upfront that destination service is secured, then set this flag to {@code true}, in such case
+     * {@link CredentialsSupplier#credentials(String)} will be invoked.
      *
      * @param secured secured flag
      * @return this
@@ -85,7 +83,7 @@ public Builder secured(boolean secured) {
 
     /**
      * Setter for {@code serviceRole} property, will be used in the invocation of {@link
-     * CredentialsSupplier#credentials(ServiceReference, String)}.
+     * CredentialsSupplier#credentials(String)}.
      *
      * @param serviceRole serviceRole
      * @return this

services-api/src/main/java/io/scalecube/services/transport/api/ClientTransport.java

@@ -1,7 +1,6 @@
 package io.scalecube.services.transport.api;
 
 import io.scalecube.services.ServiceReference;
-import reactor.core.publisher.Mono;
 
 public interface ClientTransport extends AutoCloseable {
 
@@ -12,21 +11,4 @@ public interface ClientTransport extends AutoCloseable {
    * @return {@link ClientChannel} instance
    */
   ClientChannel create(ServiceReference serviceReference);
-
-  /**
-   * Supplier of credentials for authentication on the {@link ServerTransport}. Being used in the
-   * connection setup phase with remote {@link ServerTransport}.
-   */
-  @FunctionalInterface
-  interface CredentialsSupplier {
-
-    /**
-     * Obtains credentials for the given {@code serviceReference}.
-     *
-     * @param serviceReference target serviceReference
-     * @param serviceRole target serviceRole
-     * @return result
-     */
-    Mono<byte[]> credentials(ServiceReference serviceReference, String serviceRole);
-  }
 }

services-api/src/main/java/io/scalecube/services/transport/api/ServerTransport.java

@@ -1,8 +1,6 @@
 package io.scalecube.services.transport.api;
 
 import io.scalecube.services.Address;
-import io.scalecube.services.auth.Principal;
-import reactor.core.publisher.Mono;
 
 public interface ServerTransport {
 
@@ -22,20 +20,4 @@ public interface ServerTransport {
 
   /** Stops this instance and release allocated resources. */
   void stop();
-
-  /**
-   * Authentication interface to handle clients that being connected from remote {@link
-   * ClientTransport} instances.
-   */
-  @FunctionalInterface
-  interface Authenticator {
-
-    /**
-     * Authenticates service transport connection by given credentials.
-     *
-     * @param credentials credentials
-     * @return result
-     */
-    Mono<Principal> authenticate(byte[] credentials);
-  }
 }