fix: apache#24795

🔗 Related links

• issue: [feat] Authentication implementations such as AuthenticationOAuth2 should support sharing thread pools or DNS cache apache/pulsar#24795
• comments: [feat][client] oauth2 trustcerts file and timeouts apache/pulsar#24944 (comment)

Motivation

Currently, each instance of AuthenticationOAuth2 creates its own HTTP client with dedicated thread pools and DNS resolvers. In applications with multiple Pulsar clients or authentication providers, this leads to excessive thread creation and inefficient resource utilization. According to issues apache#24795 and apache#24944, there's a need for authentication implementations to share resources like thread pools to reduce system overhead.

With this PR, the OAuth2 authentication flow is enhanced as follows:
1.Resource Sharing at Client Initialization:

• When a PulsarClient is created, it builds an AuthenticationInitContext containing shared resources
• This context includes the client's main EventLoopGroup, Timer, and NameResolver

2.Authentication Provider Initialization:

• The Authentication.start(AuthenticationInitContext) method is called with the context
• Authentication providers can now retrieve shared services via context.getService(Class<T>)

3.Simplified HTTP Client Creation:

• Authentication implementations can now use AuthenticationHttpClientFactory.createHttpClient() to obtain pre-configured HTTP clients
• The factory automatically leverages shared resources from the AuthenticationInitContext when available
• Developers only need to provide custom configuration parameters (timeouts, SSL certificates) if needed

4.Backward-Compatible Factory Methods:

• When not provided, the factory creates optimized HTTP clients using shared resources

Modifications

1.New API Interface:

• Introduced AuthenticationInitContext interface providing access to shared services

• Added start(AuthenticationInitContext) method to Authentication interface

2.Implementation:

• Created AuthenticationInitContextImpl implementing the context interface

• Modified PulsarClientImpl to build and pass context during authentication initialization

• Updated AuthenticationOAuth2 to use shared HTTP client resources via the context

3.HTTP Client Factory:

• Created AuthenticationHttpClientFactory for building HTTP clients with shared resources

• Added AuthenticationHttpClientConfig for HTTP client configuration

• Modified OAuth2 flow classes to accept pre-configured HTTP clients and DNS resolvers

4.Factory Updates:

• Enhanced AuthenticationFactoryOAuth2.ClientCredentialsBuilder to support custom HTTP clients and DNS resolvers

• Updated factory methods to leverage shared resources when available

Verifying this change

• Make sure that the change passes the CI checks.

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

• Dependencies (add or upgrade a dependency)
• The public API
• The schema
• The default values of configurations
• The threading model
• The binary protocol
• The REST endpoints
• The admin CLI options
• The metrics
• Anything that affects deployment

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

Matching PR in forked repository

PR in forked repository: