On Jun 19, 2020, at 12:20 PM, Anthony Baker <bak...@vmware.com<mailto:bak...@vmware.com>> wrote:
That’s fine, I just want to understand what happens when I use this API: createdAuthenticatedView(…) Does it throw an exception? Silently work but not switch to the new user? I would expect that first off we document the usage of certificate based authentication is generally mutually exclusive to the use of multiuser authentication. Secondly, I would expect the SecurityManager should reject any authentication request that it receives if it can’t authenticate the given credentials it was sent so the behavior at the client should reflect that those credentials were denied. It would however be possible to mix both application and user authentication in a SecurityManger in theory you could have multi user authentication, just not with certificates for the user (can be done with client/server protocol changes). An operation performed on an authenticated view would have both the application’s certificate credentials and user credentials sent to the SecurityManager. That implementation can do whatever it wants with them. -Jake
