Class DataPlaneAuthenticationGate

java.lang.Object
org.mockserver.netty.DataPlaneAuthenticationGate

public final class DataPlaneAuthenticationGate extends Object
Shared data-plane (mocked endpoint) authentication gate used by every Netty data-plane dispatch path — HttpRequestHandler (HTTP/1.1, HTTP/2, gRPC-over-h2) and Http3MockServerHandler (HTTP/3 / QUIC, including gRPC-over-HTTP/3). Keeping the gate in one place ensures the policy and the 401 response are byte-identical across transports and that a new data-plane entry point cannot accidentally skip the check (the HTTP/3 path previously did, fail-OPEN).

The decision itself lives in core (DataPlaneAuthenticator: opt-in, default off, fail-closed when required-but-unconfigured, constant-time secret compare). This helper only invokes it and — on failure — writes the 401 with the correct WWW-Authenticate challenge through the transport's ResponseWriter and records the audit log entry.

  • Method Details

    • isAuthenticated

      public static boolean isAuthenticated(Configuration configuration, MockServerLogger mockServerLogger, HttpRequest request, ResponseWriter responseWriter)
      Apply the data-plane authentication gate. Call this immediately before dispatching a data-plane request to httpActionHandler.processAction(...) on every transport.

      Cheap default-off path: when dataPlaneAuthenticationRequired is false this is a single boolean read and returns true with no allocation, so behaviour is byte-identical to a server without the feature.

      Returns:
      true if the request is authenticated (or the gate is disabled) and the caller should proceed to processAction; false if a 401 has already been written via responseWriter and the caller must NOT proceed.