LegacyAuthorizer (apache-cassandra API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.cassandra.auth
Class LegacyAuthorizer

java.lang.Object
  org.apache.cassandra.auth.LegacyAuthorizer

All Implemented Interfaces:: IAuthorizer

public abstract class LegacyAuthorizer
extends java.lang.Object
implements IAuthorizer
extends java.lang.Object
implements IAuthorizer

Provides a transitional IAuthorizer implementation for old-style (pre-1.2) authorizers. Translates old-style authorize() calls to the new-style, expands Permission.READ and Permission.WRITE into the new Permission values, translates the new resource hierarchy into the old hierarchy. Stubs the rest of the new methods. Subclass LegacyAuthorizer instead of implementing the old IAuthority and your old IAuthority implementation should continue to work.

Constructor Summary
`LegacyAuthorizer()`

Method Summary
`java.util.Set<Permission>`	`authorize(AuthenticatedUser user, IResource resource)` Translates new-style authorize() method call to the old-style (including permissions and the hierarchy).
`abstract java.util.EnumSet<Permission>`	`authorize(AuthenticatedUser user, java.util.List<java.lang.Object> resource)`
`void`	`grant(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, java.lang.String to)` Grants a set of permissions on a resource to a user.
`java.util.Set<PermissionDetails>`	`list(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, java.lang.String of)` Returns a list of permissions on a resource of a user.
`java.util.Set<IResource>`	`protectedResources()` Set of resources that should be made inaccessible to users and only accessible internally.
`void`	`revoke(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, java.lang.String from)` Revokes a set of permissions on a resource from a user.
`void`	`revokeAll(IResource droppedResource)` This method is called after a resource is removed (i.e.
`void`	`revokeAll(java.lang.String droppedUser)` This method is called before deleting a user with DROP USER query so that a new user with the same name wouldn't inherit permissions of the deleted user in the future.
`void`	`setup()` Setup is called once upon system startup to initialize the IAuthorizer.
`abstract void`	`validateConfiguration()` Validates configuration of IAuthorizer implementation (if configurable).

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

LegacyAuthorizer

public LegacyAuthorizer()

Method Detail

authorize

public abstract java.util.EnumSet<Permission> authorize(AuthenticatedUser user,
                                                        java.util.List<java.lang.Object> resource)

Parameters:: user - Authenticated user requesting authorization.; resource - List of Objects containing Strings and byte[]s: represents a resource in the old hierarchy.
Returns:: Set of permissions of the user on the resource. Should never return null. Use Permission.NONE instead.

validateConfiguration

public abstract void validateConfiguration()
                                    throws ConfigurationException

Description copied from interface: IAuthorizer

Validates configuration of IAuthorizer implementation (if configurable).

Specified by:: validateConfiguration in interface IAuthorizer

Throws:: ConfigurationException - when there is a configuration error.

authorize

public java.util.Set<Permission> authorize(AuthenticatedUser user,
                                           IResource resource)

Translates new-style authorize() method call to the old-style (including permissions and the hierarchy).

Specified by:: authorize in interface IAuthorizer

Parameters:: user - Authenticated user requesting authorization.; resource - Resource for which the authorization is being requested. @see DataResource.
Returns:: Set of permissions of the user on the resource. Should never return null. Use Permission.NONE instead.

grant

public void grant(AuthenticatedUser performer,
                  java.util.Set<Permission> permissions,
                  IResource resource,
                  java.lang.String to)
           throws InvalidRequestException,
                  UnauthorizedException

Description copied from interface: IAuthorizer

Grants a set of permissions on a resource to a user. The opposite of revoke().

Specified by:: grant in interface IAuthorizer

Parameters:: performer - User who grants the permissions.; permissions - Set of permissions to grant.; resource - Resource on which to grant the permissions.; to - Grantee of the permissions.
Throws:: InvalidRequestException - upon parameter misconfiguration or internal error.; UnauthorizedException - if the granting user isn't allowed to grant (and revoke) the permissions on the resource.

revoke

public void revoke(AuthenticatedUser performer,
                   java.util.Set<Permission> permissions,
                   IResource resource,
                   java.lang.String from)
            throws InvalidRequestException,
                   UnauthorizedException

Description copied from interface: IAuthorizer

Revokes a set of permissions on a resource from a user. The opposite of grant().

Specified by:: revoke in interface IAuthorizer

Parameters:: performer - User who revokes the permissions.; permissions - Set of permissions to revoke.; resource - Resource on which to revoke the permissions.; from - Revokee of the permissions.
Throws:: InvalidRequestException - upon parameter misconfiguration or internal error.; UnauthorizedException - if the revoking user isn't allowed to revoke the permissions on the resource.

revokeAll

public void revokeAll(java.lang.String droppedUser)

Description copied from interface: IAuthorizer

This method is called before deleting a user with DROP USER query so that a new user with the same name wouldn't inherit permissions of the deleted user in the future.

Specified by:: revokeAll in interface IAuthorizer

Parameters:: droppedUser - The user to revoke all permissions from.

revokeAll

public void revokeAll(IResource droppedResource)

Description copied from interface: IAuthorizer

This method is called after a resource is removed (i.e. keyspace or a table is dropped).

Specified by:: revokeAll in interface IAuthorizer

Parameters:: droppedResource - The resource to revoke all permissions on.

list

public java.util.Set<PermissionDetails> list(AuthenticatedUser performer,
                                             java.util.Set<Permission> permissions,
                                             IResource resource,
                                             java.lang.String of)
                                      throws InvalidRequestException,
                                             UnauthorizedException

Description copied from interface: IAuthorizer

Returns a list of permissions on a resource of a user.

Specified by:: list in interface IAuthorizer

Parameters:: performer - User who wants to see the permissions.; permissions - Set of Permission values the user is interested in. The result should only include the matching ones.; resource - The resource on which permissions are requested. Can be null, in which case permissions on all resources should be returned.; of - The user whose permissions are requested. Can be null, in which case permissions of every user should be returned.
Returns:: All of the matching permission that the requesting user is authorized to know about.
Throws:: InvalidRequestException - upon parameter misconfiguration or internal error.; UnauthorizedException - if the user isn't allowed to view the requested permissions.

protectedResources

public java.util.Set<IResource> protectedResources()

Description copied from interface: IAuthorizer

Set of resources that should be made inaccessible to users and only accessible internally.

Specified by:: protectedResources in interface IAuthorizer

Returns:: Keyspaces, column families that will be unreadable and unmodifiable by users; other resources.

setup

public void setup()

Description copied from interface: IAuthorizer

Setup is called once upon system startup to initialize the IAuthorizer. For example, use this method to create any required keyspaces/column families.

Specified by:: setup in interface IAuthorizer

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.cassandra.auth Class LegacyAuthorizer

LegacyAuthorizer

authorize

validateConfiguration

authorize

grant

revoke

revokeAll

revokeAll

list

protectedResources

setup

org.apache.cassandra.auth
Class LegacyAuthorizer