tolbertam commented on code in PR #2969:
URL: https://github.com/apache/cassandra/pull/2969#discussion_r1446261035
##########
src/java/org/apache/cassandra/auth/IAuthenticator.java:
##########
@@ -145,5 +167,18 @@ public interface SaslNegotiator
* @throws AuthenticationException
*/
public AuthenticatedUser getAuthenticatedUser() throws
AuthenticationException;
+
+ /**
+ * Whether its determined if this negotiator requires certificates.
This is used in conjunction with
+ * {@link #supportsEarlyCertificateAuthentication()} in determining if
authentication can be done with
+ * client certificates when handling a Startup message.
+ *
+ * If <code>true</code>, will attempt to authenticate while handling a
Startup, otherwise will not attempt
+ * there and defer authentication to when handling an AuthResponse
message.
+ */
+ default boolean requiresCertificateAuthentication()
Review Comment:
Another point of differentiation:
`supportsEarlyCertificateAuthentication` is a configuration of
`IAuthenticator`.
`requiresCertificateAuthentication` is a configuration of `SaslNegotiator`.
This allows us to contextually dictate whether or not certificate
authentication is needed based on the chosen `SaslNegotiator` (as in the
fallback authenticators `newSaslNegotiator`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
