search

Azure / azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License
2.25k stars 1.93k forks source link

Kerberos Authentication to Proxy on EventProcessorClient #39566

Open erdeminanc opened 2 months ago

erdeminanc commented 2 months ago

Query/Question Currently EventProcessorClient supports Proxy Authentication via Basic and DIGEST. I need to setup the EventProcessorClient behind a corporate secure proxy and I need to authenticate to proxy via Kerberos.

I was able to create a custom HttpClient via implementing HttpClient of Azure and used it in BlobContainerAsyncClient as a result it connected to Blob Storage via using custom HttpClient configured with Kerberos authentication successfully.

I have also implemented HttpClientProvider of Azure and overriden createInstance method where I have returned my custom HttpClient implementation and forced it to use my implementation via setting the environment property like below:

AZURE_HTTP_CLIENT_IMPLEMENTATION: com.*.ApacheHttpClientProvider (full path here - star only for hiding details)

However EventProcessorClient doesn't work and logs below message on onError() callback with the below error message

Error occurred on partition: NONE. Error: java.io.IOException: Attempted read from closed stream.

Why is this not a Bug or a feature Request? A clear explanation of why is this not a bug or a feature request?

On EventProcessorClient there is no direct call to.httpClient() or Kerberos Authentication under .proxyOptions().

Setup:

github-actions[bot] commented 2 months ago

@anuchandy @conniey @lmolkova

github-actions[bot] commented 2 months ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

anuchandy commented 2 months ago

At the moment we’ve only Digest and Basic authentication built in. We’ve a feature request to make the pluggable Proxy contract, so users with need for any specific authentication mechanisms can implement challenge handshaking (e.g., by inspecting proxy-authorization headers, connecting to external token auth-source etc..) for their proxy server and plugin it in.