Interface AuthHandler


  • public interface AuthHandler
    Custom authorization/authentication handlers implement this interface. The implementations are loaded from the classpath using `ServiceLoader` (https://docs.oracle.com/javase/7/docs/api/java/util/ServiceLoader.html). The Pravega controller also implements this interface through io.pravega.controller.server.rpc.auth.PasswordAuthHandler. Each custom auth handler is registered with a unique name identifying a supported authentication scheme. The client supplies authentication credentials formatted as per HTTP 1.1 (RFC 7235):
         Authentication: <scheme> <token>
     
    This is done by implementing the `PravegaCredentials` interface and passing it to client calls. The credentials are passed via the Authorization header: for REST, as the value of the HTTP Authorization header; for gRPC, as the value of the Authorization header in call metadata.
    • Method Detail

      • getHandlerName

        java.lang.String getHandlerName()
        Returns the name of the handler. Only the first implementation with a unique name will be loaded.
        Returns:
        The unique name assigned to the handler.
      • authenticate

        java.security.Principal authenticate(java.lang.String token)
                                      throws AuthException
        Authenticates a given request. Pravega controller passes the HTTP headers associated with the call. The custom implementation returns whether the user represented by these headers is authenticated.
        Parameters:
        token - the credentials token passed via the Authorization header.
        Returns:
        Returns the Principal represented by the token.
        Throws:
        AuthException - Exception of type AuthException thrown if there is any error.
      • authorize

        AuthHandler.Permissions authorize(java.lang.String resource,
                                          java.security.Principal principal)
        Authorizes the access to a given resource. Pravega controller passes the HTTP headers associated with the call. The implementations of this interface should return the maximum level of authorization possible for the user represented by the headers.
        Parameters:
        resource - the resource that needs to be accessed.
        principal - the Principal which needs to be authorized. This is generally a Principal returned by an earlier call to the `authenticate` method.
        Returns:
        The level of authorization.
      • initialize

        default void initialize(ServerConfig serverConfig)
        Sets the configuration. If the auth handler needs to access the server configuration, it can be accessed through this variable.
        Parameters:
        serverConfig - The server configuration.
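
A minimal handler written against the methods documented above, added here as an example (not Pravega's own code). It assumes the types live in `io.pravega.auth`, that `AuthHandler.Permissions` has `NONE` and `READ` constants, and that `AuthException` has a `(String, int)` constructor; the scheme name, token, user and resource prefix are constructed.

```java
import io.pravega.auth.AuthException; // assumed package for the types on this page
import io.pravega.auth.AuthHandler;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Collections;
import java.util.Map;

/** Hypothetical handler for a constructed "StaticToken" scheme. */
public class StaticTokenAuthHandler implements AuthHandler {
    // Constructed sample data; a real handler would load this from a protected store.
    private static final Map<String, String> USER_BY_TOKEN =
            Collections.singletonMap("constructed-sample-token", "reader1");
    private static final Map<String, Permissions> GRANT_BY_USER =
            Collections.singletonMap("reader1", Permissions.READ);
    // Constructed resource prefix, not Pravega's actual resource naming.
    private static final String ALLOWED_PREFIX = "sample-scope/";

    @Override
    public String getHandlerName() {
        return "StaticToken"; // the <scheme> part of the client's credentials
    }

    @Override
    public Principal authenticate(String token) throws AuthException {
        if (token != null) {
            byte[] presented = token.getBytes(StandardCharsets.UTF_8);
            for (Map.Entry<String, String> e : USER_BY_TOKEN.entrySet()) {
                // MessageDigest.isEqual compares without an early exit on the first mismatch.
                if (MessageDigest.isEqual(presented, e.getKey().getBytes(StandardCharsets.UTF_8))) {
                    String user = e.getValue();
                    return () -> user; // Principal's only abstract method is getName()
                }
            }
        }
        // Assumed (String, int) constructor; one generic message for every failure.
        throw new AuthException("Authentication failed", 401);
    }

    @Override
    public Permissions authorize(String resource, Principal principal) {
        // Fail closed: anything not explicitly granted gets NONE.
        if (resource == null || principal == null || !resource.startsWith(ALLOWED_PREFIX)) {
            return Permissions.NONE;
        }
        return GRANT_BY_USER.getOrDefault(principal.getName(), Permissions.NONE);
    }
}
```

For `ServiceLoader` to discover the class, its jar must list the implementation's fully qualified class name in a provider file under `META-INF/services/` named after the interface's fully qualified name.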