[
https://issues.apache.org/jira/browse/CASSANDRA-19984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17887881#comment-17887881
]
Tiago L. Alves edited comment on CASSANDRA-19984 at 10/9/24 11:47 AM:
----------------------------------------------------------------------
[~andrew.tolbert] you're right, {{certificates()}} is available from
{{ServerConnection}} but visibility is currently {{private}}. In this PR we
could go one step in that direction by passing {{Connection}} in addition to
{{ClientState}} in the {{getAuthenticateMethod()}}. With this change, we
just need to modify the API once and in a different PR / ticket open the
visibility of the {{certificates()}} method. wdyt? (suggestion still pending
validation by others).
I've updated [https://github.com/apache/cassandra/pull/3602] with that change.
> Allow Custom Authenticators to follow negotiation logic already implemented
> in Drivers
> --------------------------------------------------------------------------------------
>
> Key: CASSANDRA-19984
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19984
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Authorization
> Reporter: Tiago L. Alves
> Assignee: Tiago L. Alves
> Priority: Normal
> Fix For: 5.0.x, 5.x
>
> Attachments: CASSANDRA-19984_50_#50_ci_summary.html,
> CASSANDRA-19984_50_#50_results_details.tar.xz,
> CASSANDRA-19984_50_#51_ci_summary.html,
> CASSANDRA-19984_50_#51_results_details.tar.xz,
> CASSANDRA-19984_trunk_#52_ci_summary.html,
> CASSANDRA-19984_trunk_#52_results_details.tar.xz
>
>
> Upon a client connection to the C*, the server sends a startup message with
> the fully qualified class name (FQCN) of the authenticator that is used. The
> different drivers recognize this FQCN to enable scheme negotiation allowing
> different authentication methods. See for instance
> https://github.com/apache/cassandra-java-driver/blob/4.x/core/src/main/java/com/datastax/dse/driver/api/core/auth/BaseDseAuthenticator.java#L76
> Using a custom authenticator becomes restricted to either follow the default
> C* implementation (which doesn't allow scheme negotiation) or use the exact
> same FQCN that is already known in the drivers. The latter might be
> impractical due to the restriction of having multiple implementations with
> the same FQCN.
> A possible workaround to the above problem is to allow IAuthenticator
> implementations to optionally return the Authenticator they want to emulate
> hence enabling custom IAuthenticator to use the functionality already
> implemented in the drivers.