[server] Revert keep alive method for ServerAuthenticator for each rpc invocation.

Author: loserwang1024

fluss-common/src/main/java/com/alibaba/fluss/security/auth/ServerAuthenticator.java

@@ -20,16 +20,13 @@
 import com.alibaba.fluss.exception.AuthenticationException;
 import com.alibaba.fluss.security.acl.FlussPrincipal;
 
-import java.io.Closeable;
-import java.io.IOException;
-
 /**
  * Authenticator for server side.
  *
  * @since 0.7
  */
 @PublicEvolving
-public interface ServerAuthenticator extends Closeable {
+public interface ServerAuthenticator {
 
     String protocol();
 
@@ -86,30 +83,6 @@ default void initialize(AuthenticateContext context) {}
      */
     FlussPrincipal createPrincipal();
 
-    /**
-     * Performs a lightweight authentication check during each RPC invocation.
-     *
-     * <p>For example, this method serves some purposes:
-     *
-     * <ul>
-     *   <li>Verifies that the current authentication state remains valid (e.g., session not
-     *       expired, token still active).
-     *   <li>Optionally refreshes or extends the session to prevent expiration.
-     * </ul>
-     *
-     * <p>Implementations should ensure this method is non-blocking and efficient, as it may be
-     * invoked on every RPC call. A caching strategy is recommended if remote or expensive
-     * operations are involved.
-     *
-     * @throws AuthenticationException if the authentication has expired or become invalid
-     */
-    default void keepAlive(short apiKey) throws AuthenticationException {}
-
-    /** Close the authenticator. */
-    default void close() throws IOException {}
-
     /** The context of the authentication process. */
-    interface AuthenticateContext {
-        String ipAddress();
-    }
+    interface AuthenticateContext {}
 }

fluss-rpc/src/main/java/com/alibaba/fluss/rpc/netty/server/NettyServerHandler.java

@@ -39,7 +39,6 @@
 import com.alibaba.fluss.shaded.netty4.io.netty.handler.timeout.IdleState;
 import com.alibaba.fluss.shaded.netty4.io.netty.handler.timeout.IdleStateEvent;
 import com.alibaba.fluss.utils.ExceptionUtils;
-import com.alibaba.fluss.utils.IOUtils;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -140,9 +139,6 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception
                 // 3. the channel is complete, but receive auth request (PLAINTEXT case)
                 handleAuthenticateRequest(apiKey, requestMessage, future);
             } else {
-                if (state.isReady()) {
-                    authenticator.keepAlive(apiKey);
-                }
                 requestChannel.putRequest(request);
             }
 
@@ -179,7 +175,6 @@ public void channelActive(ChannelHandlerContext ctx) throws Exception {
     @Override
     public void channelInactive(ChannelHandlerContext ctx) throws Exception {
         super.channelInactive(ctx);
-        close();
     }
 
     @Override
@@ -188,7 +183,7 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exc
             IdleStateEvent event = (IdleStateEvent) evt;
             if (event.state().equals(IdleState.ALL_IDLE)) {
                 LOG.warn("Connection {} is idle, closing...", ctx.channel().remoteAddress());
-                close();
+                ctx.close();
             }
         }
     }
@@ -212,7 +207,6 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws E
 
     private void close() {
         switchState(ConnectionState.CLOSE);
-        IOUtils.closeQuietly(authenticator);
         ctx.close();
     }
 
@@ -369,18 +363,8 @@ public boolean isActive() {
         public boolean isAuthenticating() {
             return this == AUTHENTICATING;
         }
-
-        public boolean isReady() {
-            return this == READY;
-        }
     }
 
-    private class DefaultAuthenticateContext implements ServerAuthenticator.AuthenticateContext {
-        @Override
-        public String ipAddress() {
-            return ((InetSocketAddress) ctx.channel().remoteAddress())
-                    .getAddress()
-                    .getHostAddress();
-        }
-    }
+    private static class DefaultAuthenticateContext
+            implements ServerAuthenticator.AuthenticateContext {}
 }

fluss-rpc/src/test/java/com/alibaba/fluss/rpc/netty/authenticate/AuthenticationTest.java

@@ -62,7 +62,6 @@ public void cleanup() throws Exception {
         if (nettyServer != null) {
             nettyServer.close();
         }
-        MutualAuthenticationPlugin.errorType = MutualAuthenticationPlugin.ErrorType.NONE;
     }
 
     @Test
@@ -89,8 +88,7 @@ void testMutualAuthenticate() throws Exception {
         }
 
         // test invalid challenge from server
-        MutualAuthenticationPlugin.errorType =
-                MutualAuthenticationPlugin.ErrorType.SERVER_ERROR_CHALLENGE;
+        clientConfig.setString("client.security.mutual.error-type", "SERVER_ERROR_CHALLENGE");
         try (NettyClient nettyClient =
                 new NettyClient(clientConfig, TestingClientMetricGroup.newInstance())) {
             assertThatThrownBy(() -> verifyGetTableNamesList(nettyClient, mutualAuthServerNode))
@@ -100,8 +98,7 @@ void testMutualAuthenticate() throws Exception {
         }
 
         // test invalid token from client
-        MutualAuthenticationPlugin.errorType =
-                MutualAuthenticationPlugin.ErrorType.CLIENT_ERROR_SECOND_TOKE;
+        clientConfig.setString("client.security.mutual.error-type", "CLIENT_ERROR_SECOND_TOKEN");
         try (NettyClient nettyClient =
                 new NettyClient(clientConfig, TestingClientMetricGroup.newInstance())) {
             assertThatThrownBy(() -> verifyGetTableNamesList(nettyClient, mutualAuthServerNode))
@@ -114,8 +111,7 @@ void testMutualAuthenticate() throws Exception {
     void testNoChallengeBeforeClientComplete() throws Exception {
         Configuration clientConfig = new Configuration();
         clientConfig.set(ConfigOptions.CLIENT_SECURITY_PROTOCOL, "mutual");
-        MutualAuthenticationPlugin.errorType =
-                MutualAuthenticationPlugin.ErrorType.SERVER_NO_CHALLENGE;
+        clientConfig.setString("client.security.mutual.error-type", "SERVER_NO_CHALLENGE");
         try (NettyClient nettyClient =
                 new NettyClient(clientConfig, TestingClientMetricGroup.newInstance())) {
 
@@ -130,8 +126,7 @@ void testNoChallengeBeforeClientComplete() throws Exception {
     void testRetirableAuthenticateException() throws Exception {
         Configuration clientConfig = new Configuration();
         clientConfig.set(ConfigOptions.CLIENT_SECURITY_PROTOCOL, "mutual");
-        MutualAuthenticationPlugin.errorType =
-                MutualAuthenticationPlugin.ErrorType.RETRIABLE_EXCEPTION;
+        clientConfig.setString("client.security.mutual.error-type", "RETRIABLE_EXCEPTION");
         try (NettyClient nettyClient =
                 new NettyClient(clientConfig, TestingClientMetricGroup.newInstance())) {
             verifyGetTableNamesList(nettyClient, mutualAuthServerNode);
@@ -208,22 +203,6 @@ void testMultiClientsWithSameProtocol() throws Exception {
         }
     }
 
-    @Test
-    void testKeepAliveError() throws Exception {
-        Configuration clientConfig = new Configuration();
-        clientConfig.set(ConfigOptions.CLIENT_SECURITY_PROTOCOL, "mutual");
-        try (NettyClient nettyClient =
-                new NettyClient(clientConfig, TestingClientMetricGroup.newInstance())) {
-            verifyGetTableNamesList(nettyClient, mutualAuthServerNode);
-            MutualAuthenticationPlugin.errorType =
-                    MutualAuthenticationPlugin.ErrorType.KEEP_ALIVE_ERROR;
-            assertThatThrownBy(() -> verifyGetTableNamesList(nettyClient, mutualAuthServerNode))
-                    .hasRootCauseExactlyInstanceOf(AuthenticationException.class)
-                    .rootCause()
-                    .hasMessageContaining("Keep alive error");
-        }
-    }
-
     private void verifyGetTableNamesList(NettyClient nettyClient, ServerNode serverNode)
             throws Exception {
         ListTablesRequest request = new ListTablesRequest().setDatabaseName("test-database");

fluss-rpc/src/test/java/com/alibaba/fluss/rpc/netty/authenticate/MutualAuthenticationPlugin.java

@@ -16,6 +16,7 @@
 
 package com.alibaba.fluss.rpc.netty.authenticate;
 
+import com.alibaba.fluss.config.ConfigOption;
 import com.alibaba.fluss.config.Configuration;
 import com.alibaba.fluss.exception.AuthenticationException;
 import com.alibaba.fluss.exception.RetriableAuthenticationException;
@@ -25,22 +26,25 @@
 import com.alibaba.fluss.security.auth.ServerAuthenticationPlugin;
 import com.alibaba.fluss.security.auth.ServerAuthenticator;
 
-import java.io.IOException;
 import java.util.concurrent.ThreadLocalRandom;
 
+import static com.alibaba.fluss.config.ConfigBuilder.key;
+
 /**
  * An {@link com.alibaba.fluss.security.auth.AuthenticationPlugin} to mock mutual authentication.
  */
 public class MutualAuthenticationPlugin
         implements ServerAuthenticationPlugin, ClientAuthenticationPlugin {
 
     private static final String MUTUAL_AUTH_PROTOCOL = "mutual";
-
-    public static ErrorType errorType = ErrorType.NONE;
+    private static final ConfigOption<ErrorType> ERROR_TYPE =
+            key("client.security.mutual.error-type")
+                    .enumType(ErrorType.class)
+                    .defaultValue(ErrorType.NONE);
 
     @Override
     public ClientAuthenticator createClientAuthenticator(Configuration configuration) {
-        return new ClientAuthenticatorImpl();
+        return new ClientAuthenticatorImpl(configuration);
     }
 
     @Override
@@ -63,6 +67,11 @@ private enum Status {
 
         private Status status;
         Integer initialSalt;
+        private final int errorType;
+
+        public ClientAuthenticatorImpl(Configuration configuration) {
+            this.errorType = configuration.get(ERROR_TYPE).code;
+        }
 
         @Override
         public String protocol() {
@@ -79,16 +88,23 @@ public void initialize(AuthenticateContext context) {
         public byte[] authenticate(byte[] data) throws AuthenticationException {
             switch (status) {
                 case SEND_CLIENT_FIRST_MESSAGE:
-                    initialSalt = generateInitialSalt();
+                    initialSalt =
+                            isError(
+                                            errorType,
+                                            ErrorType.SERVER_NO_CHALLENGE,
+                                            ErrorType.SERVER_ERROR_CHALLENGE,
+                                            ErrorType.RETRIABLE_EXCEPTION)
+                                    ? errorType
+                                    : generateInitialSalt();
                     status = Status.RECEIVE_SERVER_FIRST_MESSAGE;
                     return String.valueOf(initialSalt).getBytes();
                 case RECEIVE_SERVER_FIRST_MESSAGE:
                     int challenge = parseToken(data);
                     if (challenge == initialSalt + 1) {
                         status = Status.RECEIVE_SERVER_FINAL_MESSAGE;
                         return String.valueOf(
-                                        errorType == ErrorType.CLIENT_ERROR_SECOND_TOKE
-                                                ? -1
+                                        isError(errorType, ErrorType.CLIENT_ERROR_SECOND_TOKEN)
+                                                ? errorType
                                                 : challenge + 1)
                                 .getBytes();
                     } else {
@@ -122,14 +138,12 @@ private static class ServerAuthenticatorImpl implements ServerAuthenticator {
         private enum Status {
             RECEIVE_CLIENT_FIRST_MESSAGE,
             RECEIVE_CLIENT_FINAL_MESSAGE,
-            COMPLETED,
-            CLOSED
+            COMPLETED
         }
 
         private Integer initialSalt;
         private int retryNumber = 0;
         private Status status = Status.RECEIVE_CLIENT_FIRST_MESSAGE;
-        private String ip;
 
         @Override
         public String protocol() {
@@ -139,7 +153,6 @@ public String protocol() {
         @Override
         public void initialize(AuthenticateContext context) {
             this.status = Status.RECEIVE_CLIENT_FIRST_MESSAGE;
-            this.ip = context.ipAddress();
             this.initialSalt = null;
         }
 
@@ -148,14 +161,14 @@ public byte[] evaluateResponse(byte[] token) throws AuthenticationException {
             int tokenValue = parseToken(token);
             switch (status) {
                 case RECEIVE_CLIENT_FIRST_MESSAGE:
-                    if (errorType == ErrorType.SERVER_NO_CHALLENGE) {
+                    if (isError(tokenValue, ErrorType.SERVER_NO_CHALLENGE)) {
                         return null;
                     }
-                    if (errorType == ErrorType.SERVER_ERROR_CHALLENGE) {
+                    if (isError(tokenValue, ErrorType.SERVER_ERROR_CHALLENGE)) {
                         return "-1".getBytes();
                     }
-                    if (errorType == ErrorType.RETRIABLE_EXCEPTION && retryNumber++ < 3) {
-                        throw new RetriableAuthenticationException("Retriable exception " + ip);
+                    if (isError(tokenValue, ErrorType.RETRIABLE_EXCEPTION) && retryNumber++ < 3) {
+                        throw new RetriableAuthenticationException("Retriable exception");
                     }
 
                     initialSalt = tokenValue + 1;
@@ -186,18 +199,6 @@ public FlussPrincipal createPrincipal() {
         public boolean isCompleted() {
             return status == Status.COMPLETED;
         }
-
-        @Override
-        public void keepAlive(short apiKey) throws AuthenticationException {
-            if (errorType == ErrorType.KEEP_ALIVE_ERROR) {
-                throw new AuthenticationException("Keep alive error");
-            }
-        }
-
-        @Override
-        public void close() throws IOException {
-            status = Status.CLOSED;
-        }
     }
 
     private static int parseToken(byte[] token) {
@@ -211,13 +212,26 @@ private static int generateInitialSalt() {
         return ThreadLocalRandom.current().nextInt(0, Integer.MAX_VALUE);
     }
 
-    /** Error types for testing. */
-    public enum ErrorType {
-        NONE,
-        SERVER_NO_CHALLENGE,
-        SERVER_ERROR_CHALLENGE,
-        CLIENT_ERROR_SECOND_TOKE,
-        RETRIABLE_EXCEPTION,
-        KEEP_ALIVE_ERROR
+    private static boolean isError(int errorType, ErrorType... errorTypes) {
+        for (ErrorType type : errorTypes) {
+            if (errorType == type.code) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    enum ErrorType {
+        NONE(-1),
+        SERVER_NO_CHALLENGE(-2),
+        SERVER_ERROR_CHALLENGE(-3),
+        CLIENT_ERROR_SECOND_TOKEN(-4),
+        RETRIABLE_EXCEPTION(-5);
+
+        final int code;
+
+        ErrorType(int code) {
+            this.code = code;
+        }
     }
 }