lidavidm commented on code in PR #12847:
URL: https://github.com/apache/arrow/pull/12847#discussion_r848888395


##########
docs/source/java/flight.rst:
##########
@@ -181,18 +181,16 @@ Enabling Authentication
 .. warning:: Authentication is insecure without enabling TLS.
 
 Handshake-based authentication can be enabled by implementing
-Handlers on the client and server side (i.e.: ``ServerAuthHandler``).
-There are two options available user/password and token.
-
-Authentication consists of two parts: on
+``ServerAuthHandler``. Authentication consists of two parts: on
 initial client connection, the server and client authentication
 implementations can perform any negotiation needed; then, on each RPC
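
Review bot: The new `+` line names only ``ServerAuthHandler``, while the unchanged sentence right after it still describes "the server and client authentication implementations" negotiating. A reader of the resulting paragraph is not told that a client-side handler has to be supplied as well; suggest naming the client-side counterpart next to ``ServerAuthHandler`` in the same sentence. The removed line "There are two options available user/password and token." also disappears without a replacement, so say elsewhere which handshake styles are supported if that is still true.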

Review Comment:
   ```suggestion
   implementations can perform any negotiation needed. The client authentication
   handler then provides a token that will be attached to future calls. 
   ```



##########
docs/source/java/flight.rst:
##########
@@ -181,18 +181,16 @@ Enabling Authentication
 .. warning:: Authentication is insecure without enabling TLS.
 
 Handshake-based authentication can be enabled by implementing
-Handlers on the client and server side (i.e.: ``ServerAuthHandler``).
-There are two options available user/password and token.
-
-Authentication consists of two parts: on
+``ServerAuthHandler``. Authentication consists of two parts: on
 initial client connection, the server and client authentication
 implementations can perform any negotiation needed; then, on each RPC
-thereafter, the client provides a token. The client set an ID result
-of user/password through ``CallHeaders`` / ``Metadata`` these IDs is
-recovered by the server side to do validation. The server authentication
-handler validates the token and provides the identity of the
-client. This identity can be obtained from the
-``CallContext.peerIdentity``.
+thereafter, the client provides a token.
+
+The client send data to be validated through ``ClientAuthHandler.authenticate``
+The server validate data received through ``ServerAuthHandler.authenticate``.
+After validations, the client and server use a key value to pass/read the token
+through ``Auth-Token-bin``, then the server use ``ServerAuthInterceptor``
+to validate token received from.
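
Review bot: The last added sentence stops at "to validate token received from." with no object, and the first added line has no period after ``ClientAuthHandler.authenticate``, so it runs straight into "The server validate ..." once rendered. Suggest completing the sentence (received from whom), adding the missing period, and fixing agreement: "The client sends", "The server validates", "the server uses". Since this paragraph states that the token travels on every call under ``Auth-Token-bin``, it would also help to point back to the TLS warning at the top of the section.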

Review Comment:
   Let's not talk about how it's implemented, this is not relevant to users.



##########
docs/source/java/flight.rst:
##########
@@ -181,18 +181,16 @@ Enabling Authentication
 .. warning:: Authentication is insecure without enabling TLS.
 
 Handshake-based authentication can be enabled by implementing
-Handlers on the client and server side (i.e.: ``ServerAuthHandler``).
-There are two options available user/password and token.
-
-Authentication consists of two parts: on
+``ServerAuthHandler``. Authentication consists of two parts: on
 initial client connection, the server and client authentication
 implementations can perform any negotiation needed; then, on each RPC
-thereafter, the client provides a token. The client set an ID result
-of user/password through ``CallHeaders`` / ``Metadata`` these IDs is
-recovered by the server side to do validation. The server authentication
-handler validates the token and provides the identity of the
-client. This identity can be obtained from the
-``CallContext.peerIdentity``.
+thereafter, the client provides a token.
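
Review bot: The removed lines told users that the server authentication handler validates the token and provides the client's identity, and that this identity can be read from ``CallContext.peerIdentity``; the single added line "thereafter, the client provides a token." replaces none of that. Suggest keeping those two sentences after the new line, because server code that makes authorization decisions needs to know where the authenticated identity comes from.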

Review Comment:
   ```suggestion
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
