Skip to content

Refactor Kafka authentication using strategy and template method patterns #47209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Refactor Kafka authentication using strategy and template method patterns #47209

wants to merge 5 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Nov 10, 2025
edited
Loading

Description

Spring Cloud Azure's Kafka authentication implementation was scattered across multiple packages with duplicated logic. Two authentication methods exist: OAuth2/OAUTHBEARER (recommended, uses Azure Identity) and connection string-based SASL_PLAIN (deprecated). The implementation lacked clear separation of concerns and was difficult to extend.

This PR refactors the implementation using both Strategy Pattern and Template Method Pattern to consolidate common logic and make both authentication methods follow a consistent structure.

Changes

Strategy Pattern Introduction

  • Created KafkaAuthenticationConfigurer interface for authentication strategies
  • Extracted OAuth2 logic into OAuth2AuthenticationConfigurer
  • Created ConnectionStringAuthenticationConfigurer for connection string authentication
  • Refactored AbstractKafkaPropertiesBeanPostProcessor to delegate to configurers

Template Method Pattern Implementation

  • Created AbstractKafkaAuthenticationConfigurer as template base class
  • Extracted common validation logic: bootstrap server checks, SASL protocol validation, property getters
  • Both OAuth2AuthenticationConfigurer and ConnectionStringAuthenticationConfigurer extend the template
  • Eliminated code duplication between authentication strategies

Documentation

  • Added kafka/README.md covering architecture, authentication methods, and migration guide
  • Enhanced Javadoc with usage examples and configuration patterns
  • Documented template method pattern with class hierarchy and extension points
  • Documented deprecated connection string approach with migration path

Code Organization

  • Consolidated authentication detection and configuration logic
  • Improved separation: detection → configuration → cleanup phases
  • Made authentication methods explicit and extensible
  • Updated eventhubs.kafka.KafkaPropertiesBeanPostProcessor to use ConnectionStringAuthenticationConfigurer

Architecture

KafkaAuthenticationConfigurer (interface)
    ↑
AbstractKafkaAuthenticationConfigurer (template)
    ↑                           ↑
OAuth2AuthenticationConfigurer  ConnectionStringAuthenticationConfigurer

Authentication Methods

OAuth2/OAUTHBEARER (Recommended)

spring.kafka.bootstrap-servers=namespace.servicebus.windows.net:9093
spring.cloud.azure.credential.managed-identity-enabled=true

Connection String (Deprecated)

spring.cloud.azure.eventhubs.connection-string=Endpoint=sb://...

Impact

  • 5 new files: strategy interface, template base class, OAuth2 implementation, ConnectionString implementation, documentation
  • 4 modified files: enhanced docs, refactored to use strategy and template patterns
  • +770 lines (including documentation), -84 lines

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

Original prompt

This section details on the original issue you should resolve

<issue_title>[FEATURE REQ] Refactor Kafka support in Spring Cloud Azure</issue_title>
<issue_description>Now there are two authentication methods support in Spring Cloud Azure, one SASL plain, another is SASL connection string. The first will use the Event Hubs connection string, the second will use Microsoft Entra ID to auth.

But the implementation in Spring Cloud Azure is not consistent, and scattered in different autoconfiguration or BeanPostProcessors.

Describe the solution you'd like
Refactor the implemenataion to make the code easy to read and understand.

Describe alternatives you've considered
N/A
Additional context
N/A

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Description Added
  • Expected solution specified
    </issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits November 10, 2025 07:17
@saragluna
Introduce strategy pattern for Kafka authentication configuration
432ae29 
- Create KafkaAuthenticationConfigurer interface for strategy pattern
- Implement OAuth2AuthenticationConfigurer to handle OAuth2/OAUTHBEARER auth
- Refactor AbstractKafkaPropertiesBeanPostProcessor to use the new strategy
- All existing tests pass without modification

Co-authored-by: saragluna <31124698+saragluna@users.noreply.github.com>
@saragluna
Add comprehensive documentation and improve code clarity
65d82ba 
- Create README.md explaining architecture and authentication methods
- Add detailed Javadoc to all auto-configuration classes
- Improve AbstractKafkaPropertiesBeanPostProcessor documentation
- Fix checkstyle issues
- All tests passing ✅

Co-authored-by: saragluna <31124698+saragluna@users.noreply.github.com>
Copilot AI changed the title [WIP] Refactor Kafka support in Spring Cloud Azure Refactor Kafka authentication configuration using strategy pattern Nov 10, 2025
Copilot AI requested a review from saragluna November 10, 2025 07:28
Copilot finished work on behalf of saragluna November 10, 2025 07:28
saragluna
saragluna reviewed Nov 10, 2025
View reviewed changes
...om/azure/spring/cloud/autoconfigure/implementation/kafka/OAuth2AuthenticationConfigurer.java Outdated
* Configures OAuth2 (OAUTHBEARER) authentication for Kafka using Azure Identity credentials.
* This configurer handles Azure Event Hubs for Kafka scenarios with Microsoft Entra ID authentication.
*/
class OAuth2AuthenticationConfigurer implements KafkaAuthenticationConfigurer {
Copy link
Member

@saragluna saragluna Nov 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be annother ConnectionStringAuthenticationConfigurer, and it's also a strategy, the common logic should be extracted to a common template. @copilot

Copy link
Member

@saragluna saragluna Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot, there should be annother ConnectionStringAuthenticationConfigurer, and it's also a strategy, the common logic should be extracted to a common template.

Copy link
Contributor Author

Copilot AI Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! I've created ConnectionStringAuthenticationConfigurer as a strategy and extracted common logic into AbstractKafkaAuthenticationConfigurer template class.

Changes:

  • AbstractKafkaAuthenticationConfigurer - Template base with common validation logic (bootstrap server checks, SASL protocol validation, property getters)
  • ConnectionStringAuthenticationConfigurer - Implements connection string auth strategy
  • OAuth2AuthenticationConfigurer - Refactored to extend the template
  • Both configurers now share common code and follow the same structure

Commit: b001273 (documentation update), e241088 (implementation)

Copilot AI and others added 2 commits November 10, 2025 08:17
@saragluna
Extract common logic into AbstractKafkaAuthenticationConfigurer template
e241088 
- Create AbstractKafkaAuthenticationConfigurer as base template class
- Create ConnectionStringAuthenticationConfigurer for deprecated connection string auth
- Refactor OAuth2AuthenticationConfigurer to extend template
- Update eventhubs.kafka.KafkaPropertiesBeanPostProcessor to use ConnectionStringAuthenticationConfigurer
- All tests pass ✅

Co-authored-by: saragluna <31124698+saragluna@users.noreply.github.com>
@saragluna
Update README with template method pattern documentation
b001273 
- Document AbstractKafkaAuthenticationConfigurer template class
- Add class hierarchy diagram
- Update extension points with template usage examples
- Document inherited methods available to subclasses

Co-authored-by: saragluna <31124698+saragluna@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Nov 10, 2025

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • oss.jfrog.org
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java --enable-native-access=ALL-UNNAMED -classpath /usr/share/apache-maven-3.9.11/boot/plexus-classworlds-2.9.0.jar -Dclassworlds.conf=/usr/share/apache-maven-3.9.11/bin/m2.conf -Dmaven.home=/usr/share/apache-maven-3.9.11 -Dlibrary.jansi.path=/usr/share/apache-maven-3.9.11/lib/jansi-native -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/azure-sdk-for-java/azure-sdk-for-java/sdk/spring/spring-cloud-azure-autoconfigure org.codehaus.plexus.classworlds.launcher.Launcher clean compile (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title Refactor Kafka authentication configuration using strategy pattern Refactor Kafka authentication using strategy and template method patterns Nov 10, 2025
Copilot AI requested a review from saragluna November 10, 2025 08:21
Copilot finished work on behalf of saragluna November 10, 2025 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saragluna saragluna Awaiting requested review from saragluna saragluna is a code owner

@rujche rujche Awaiting requested review from rujche rujche will be requested when the pull request is marked ready for review rujche is a code owner

@Netyyyy Netyyyy Awaiting requested review from Netyyyy Netyyyy will be requested when the pull request is marked ready for review Netyyyy is a code owner

@moarychan moarychan Awaiting requested review from moarychan moarychan will be requested when the pull request is marked ready for review moarychan is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@saragluna saragluna

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE REQ] Refactor Kafka support in Spring Cloud Azure

2 participants

@saragluna