diff --git a/src/main/java/io/lettuce/authx/TokenBasedRedisCredentialsProvider.java b/src/main/java/io/lettuce/authx/TokenBasedRedisCredentialsProvider.java index f7b82924a..8eb12e7bc 100644 --- a/src/main/java/io/lettuce/authx/TokenBasedRedisCredentialsProvider.java +++ b/src/main/java/io/lettuce/authx/TokenBasedRedisCredentialsProvider.java @@ -18,6 +18,25 @@ import redis.clients.authentication.core.TokenListener; import redis.clients.authentication.core.TokenManager; +/** + * A {@link RedisCredentialsProvider} implementation that supports token-based authentication for Redis. + *

+ * This provider uses a {@link TokenManager} to manage and renew tokens, ensuring that the Redis client can authenticate with + * Redis using a dynamically updated token. This is particularly useful in scenarios where Redis access is controlled via + * token-based authentication, such as when Redis is integrated with an identity provider like EntraID. + *

+ *

+ * The provider supports streaming of credentials and automatically emits new credentials whenever a token is renewed. It must + * be used with {@link io.lettuce.core.ClientOptions.ReauthenticateBehavior#ON_NEW_CREDENTIALS} to automatically re-authenticate + * connections whenever new tokens are emitted by the provider. + *

+ *

+ * The lifecycle of this provider is externally managed. It should be closed when there are no longer any connections using it, + * to stop the token management process and release resources. + *

+ * + * @since 6.6 + */ public class TokenBasedRedisCredentialsProvider implements RedisCredentialsProvider, AutoCloseable { private static final Logger log = LoggerFactory.getLogger(TokenBasedRedisCredentialsProvider.class); diff --git a/src/main/java/io/lettuce/core/RedisAuthenticationHandler.java b/src/main/java/io/lettuce/core/RedisAuthenticationHandler.java index 5a3733381..81b0bc9dd 100644 --- a/src/main/java/io/lettuce/core/RedisAuthenticationHandler.java +++ b/src/main/java/io/lettuce/core/RedisAuthenticationHandler.java @@ -190,14 +190,33 @@ private static boolean isSupported(ClientOptions clientOptions) { } } - public void postProcess(RedisCommand toSend) { + /** + * Post-processes the command after it is sent to the server. + *

+ * If the command type is either {@link RedisCommand.Type#EXEC} or {@link RedisCommand.Type#DISCARD}, the transaction state + * is cleared and a check for deferred credentials is initiated. + *

+ * + * @param toSend the command to post-process + */ + protected void postProcess(RedisCommand toSend) { if (toSend.getType() == EXEC || toSend.getType() == DISCARD) { inTransaction.set(false); setCredentials(credentialsRef.getAndSet(null)); } } - public void postProcess(Collection> dispatched) { + /** + * Post-processes a collection of dispatched commands after they are sent to the server. + *

+ * This method checks if any of the dispatched commands indicate the completion of a transaction (via + * {@link RedisCommand.Type#EXEC} or {@link RedisCommand.Type#DISCARD}). If the transaction is complete, it clears the + * transaction state and initiates a check for deferred credentials. + *

+ * + * @param dispatched the collection of dispatched commands to post-process + */ + protected void postProcess(Collection> dispatched) { Boolean transactionComplete = null; for (RedisCommand command : dispatched) { if (command.getType() == EXEC || command.getType() == DISCARD) { @@ -348,7 +367,12 @@ public DisabledAuthenticationHandler() { } @Override - public void postProcess(RedisCommand toSend) { + protected void postProcess(RedisCommand toSend) { + // No-op + } + + @Override + protected void postProcess(Collection> dispatched) { // No-op }