Joel Shepherd created CASSJAVA-127:
--------------------------------------

             Summary: CEP-50: Add authenticator negotiation support to Java driver
                 Key: CASSJAVA-127
                 URL: https://issues.apache.org/jira/browse/CASSJAVA-127
             Project: Apache Cassandra Java driver
          Issue Type: New Feature
            Reporter: Joel Shepherd
            Assignee: Joel Shepherd


See: 
[https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-50%3A+Authentication+Negotiation]

This work will add support for authenticator negotiation to the Java driver and 
serve as a reference implementation for other Cassandra drivers. 

Flow:

1) Driver sends OPTIONS message to server (optional).

2) If server includes AUTHENTICATORS key in SUPPORTED message, this is a positive 
indication the server supports negotiation.

3) Driver includes authentication mode names (e.g. "password", "mutualtls", 
etc.) in its STARTUP message using the AUTHENTICATORS key.

4) Server picks its preferred option from the list provided by the driver, or a 
default authenticator if none of the driver's options are satisfactory. If an 
authentication handshake is required, server sends AUTHENTICATE message to 
driver specifying the authenticator it will use.

5) Driver creates a matching auth provider for the server's authenticator, and 
authenticates normally.

Most of the driver-side changes needed to support this are:

1) Configuration to enable negotiation.

2) An "auth provider registry" which the driver can use to tell the server the 
auth methods that the driver supports, and to select a specific auth provider 
once the server has indicated its preference.

3) Updating STARTUP message construction and AUTHENTICATE message handling.

4) Tests to ensure forward and backward compatibility with servers that do and 
don't support negotiation.
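
A sketch of the "auth provider registry" and the driver side of the flow above, added here as an illustration; it is not code from the Java driver or from CEP-50. The class names, the comma-separated encoding of AUTHENTICATORS in STARTUP, the assumption that AUTHENTICATE carries the same mode name the driver offered, and the sample SUPPORTED bodies are all assumptions made for the example.

```java
import java.util.*;
import java.util.function.Supplier;

/** Hypothetical registry: maps an authenticator name to a factory for its auth provider. */
final class AuthProviderRegistry<P> {
    // LinkedHashMap keeps registration order, used here as the driver's preference order.
    private final Map<String, Supplier<P>> providers = new LinkedHashMap<>();

    void register(String name, Supplier<P> factory) { providers.put(name, factory); }

    /** Steps 2-3: build STARTUP options; add AUTHENTICATORS only if the server advertised it. */
    Map<String, String> startupOptions(Map<String, List<String>> supported) {
        Map<String, String> startup = new LinkedHashMap<>();
        startup.put("CQL_VERSION", "3.0.0");
        if (supported != null && supported.containsKey("AUTHENTICATORS") && !providers.isEmpty()) {
            // Assumption: the names travel as one comma-separated STARTUP value.
            startup.put("AUTHENTICATORS", String.join(",", providers.keySet()));
        }
        return startup;
    }

    /** Steps 4-5: fail closed if the server names an authenticator the driver never offered. */
    P select(String serverAuthenticator) {
        Supplier<P> factory = providers.get(serverAuthenticator);
        if (factory == null) {
            throw new IllegalStateException("Server chose unregistered authenticator '"
                    + serverAuthenticator + "'; refusing to authenticate");
        }
        return factory.get();
    }
}

public class NegotiationDemo {
    public static void main(String[] args) {
        // Strings stand in for real auth provider objects.
        AuthProviderRegistry<String> registry = new AuthProviderRegistry<>();
        registry.register("mutualtls", () -> "mutual TLS provider (stand-in)");
        registry.register("password", () -> "password provider (stand-in)");

        // Constructed SUPPORTED bodies: a negotiating server and an older server.
        Map<String, List<String>> negotiating = Map.of("AUTHENTICATORS", List.of("password", "mutualtls"));
        Map<String, List<String>> legacy = Map.of("COMPRESSION", List.of("lz4"));

        System.out.println(registry.startupOptions(negotiating));
        System.out.println(registry.startupOptions(legacy));
        System.out.println(registry.select("password"));
        // The server fell back to a default the driver did not offer (step 4).
        try { registry.select("ldap"); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

Rejecting an authenticator the driver did not register keeps a server-chosen default from silently steering the driver into a handshake, such as sending a password, that the operator never enabled.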


