Package org.mockserver.netty
Class DataPlaneAuthenticationGate
java.lang.Object
org.mockserver.netty.DataPlaneAuthenticationGate
Shared data-plane (mocked endpoint) authentication gate used by every Netty data-plane dispatch
path —
HttpRequestHandler (HTTP/1.1, HTTP/2, gRPC-over-h2) and
Http3MockServerHandler (HTTP/3 / QUIC, including gRPC-over-HTTP/3). Keeping the gate in one
place ensures the policy and the 401 response are byte-identical across transports and that a new
data-plane entry point cannot accidentally skip the check (the HTTP/3 path previously did,
fail-OPEN).
The decision itself lives in core (DataPlaneAuthenticator: opt-in, default off,
fail-closed when required-but-unconfigured, constant-time secret compare). This helper only
invokes it and — on failure — writes the 401 with the correct WWW-Authenticate
challenge through the transport's ResponseWriter and records the audit log entry.
-
Method Summary
Modifier and TypeMethodDescriptionstatic booleanisAuthenticated(Configuration configuration, MockServerLogger mockServerLogger, HttpRequest request, ResponseWriter responseWriter) Apply the data-plane authentication gate.
-
Method Details
-
isAuthenticated
public static boolean isAuthenticated(Configuration configuration, MockServerLogger mockServerLogger, HttpRequest request, ResponseWriter responseWriter) Apply the data-plane authentication gate. Call this immediately before dispatching a data-plane request tohttpActionHandler.processAction(...)on every transport.Cheap default-off path: when
dataPlaneAuthenticationRequiredis false this is a single boolean read and returnstruewith no allocation, so behaviour is byte-identical to a server without the feature.- Returns:
trueif the request is authenticated (or the gate is disabled) and the caller should proceed toprocessAction;falseif a401has already been written viaresponseWriterand the caller must NOT proceed.
-