org.apache.cassandra.auth
Interface IAuthority
- All Known Implementing Classes:
- AllowAllAuthority
public interface IAuthority
Cassandra's resource hierarchy looks something like:
{{/cassandra/keyspaces/$ks_name/...}}
In table form:
/cassandra/
- no checked permissions
- String
* Separates Cassandra-internal resources from resources that might be provided by plugins.
keyspaces/
- READ, WRITE
- String
* The list of keyspaces: READ/WRITE for this resource mean the ability to view/modify the list of keyspaces.
$ks_name/
- READ, WRITE
- String
* An individual keyspace: READ/WRITE permissions apply to the entire namespace and control the ability to both
view and manipulate column families, and to read and write the data contained within.
Over time Cassandra _may_ add additional authorize calls for resources higher or lower in the hierarchy and
IAuthority implementations should be able to handle these calls (although many will choose to ignore them
completely).
NB: {{/cassandra/}} will not be checked for permissions via a call to IAuthority.authorize, so IAuthority
implementations can only deny access when a user attempts to access an ancestor resource.
authorize
java.util.EnumSet<Permission> authorize(AuthenticatedUser user,
java.util.List<java.lang.Object> resource)
- Parameters:
user - An authenticated user from a previous call to IAuthenticator.authenticate.resource - A List of Objects containing Strings and byte[]s: represents a resource in the hierarchy
described in the Javadocs.
- Returns:
- An AccessLevel representing the permissions for the user and resource: should never return null.
validateConfiguration
void validateConfiguration()
throws ConfigurationException
- Throws:
ConfigurationException
Copyright © 2011 The Apache Software Foundation