Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.cassandra.auth
Class CassandraAuthorizer

java.lang.Object
  extended by org.apache.cassandra.auth.CassandraAuthorizer
All Implemented Interfaces:
IAuthorizer
public class CassandraAuthorizer
extends java.lang.Object
implements IAuthorizer

CassandraAuthorizer is an IAuthorizer implementation that keeps permissions internally in C* - in system_auth.permissions CQL3 table.

Constructor Summary
CassandraAuthorizer()
           
 
Method Summary
 java.util.Set<Permission> authorize(AuthenticatedUser user, IResource resource)
          The primary IAuthorizer method.
 void grant(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, java.lang.String to)
          Grants a set of permissions on a resource to a user.
 java.util.Set<PermissionDetails> list(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, java.lang.String of)
          Returns a list of permissions on a resource of a user.
 java.util.Set<DataResource> protectedResources()
          Set of resources that should be made inaccessible to users and only accessible internally.
 void revoke(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, java.lang.String from)
          Revokes a set of permissions on a resource from a user.
 void revokeAll(IResource droppedResource)
          This method is called after a resource is removed (i.e.
 void revokeAll(java.lang.String droppedUser)
          This method is called before deleting a user with DROP USER query so that a new user with the same name wouldn't inherit permissions of the deleted user in the future.
 void setup()
          Setup is called once upon system startup to initialize the IAuthorizer.
 void validateConfiguration()
          Validates configuration of IAuthorizer implementation (if configurable).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CassandraAuthorizer

public CassandraAuthorizer()
Method Detail

authorize

public java.util.Set<Permission> authorize(AuthenticatedUser user,
                                           IResource resource)
Description copied from interface: IAuthorizer
The primary IAuthorizer method. Returns a set of permissions of a user on a resource.

Specified by:
authorize in interface IAuthorizer
Parameters:
user - Authenticated user requesting authorization.
resource - Resource for which the authorization is being requested. @see DataResource.
Returns:
Set of permissions of the user on the resource. Should never return null. Use Permission.NONE instead.

grant

public void grant(AuthenticatedUser performer,
                  java.util.Set<Permission> permissions,
                  IResource resource,
                  java.lang.String to)
           throws RequestExecutionException
Description copied from interface: IAuthorizer
Grants a set of permissions on a resource to a user. The opposite of revoke().

Specified by:
grant in interface IAuthorizer
Parameters:
performer - User who grants the permissions.
permissions - Set of permissions to grant.
resource - Resource on which to grant the permissions.
to - Grantee of the permissions.
Throws:
RequestExecutionException

revoke

public void revoke(AuthenticatedUser performer,
                   java.util.Set<Permission> permissions,
                   IResource resource,
                   java.lang.String from)
            throws RequestExecutionException
Description copied from interface: IAuthorizer
Revokes a set of permissions on a resource from a user. The opposite of grant().

Specified by:
revoke in interface IAuthorizer
Parameters:
performer - User who revokes the permissions.
permissions - Set of permissions to revoke.
resource - Resource on which to revoke the permissions.
from - Revokee of the permissions.
Throws:
RequestExecutionException

list

public java.util.Set<PermissionDetails> list(AuthenticatedUser performer,
                                             java.util.Set<Permission> permissions,
                                             IResource resource,
                                             java.lang.String of)
                                      throws RequestValidationException,
                                             RequestExecutionException
Description copied from interface: IAuthorizer
Returns a list of permissions on a resource of a user.

Specified by:
list in interface IAuthorizer
Parameters:
performer - User who wants to see the permissions.
permissions - Set of Permission values the user is interested in. The result should only include the matching ones.
resource - The resource on which permissions are requested. Can be null, in which case permissions on all resources should be returned.
of - The user whose permissions are requested. Can be null, in which case permissions of every user should be returned.
Returns:
All of the matching permission that the requesting user is authorized to know about.
Throws:
RequestValidationException
RequestExecutionException

revokeAll

public void revokeAll(java.lang.String droppedUser)
Description copied from interface: IAuthorizer
This method is called before deleting a user with DROP USER query so that a new user with the same name wouldn't inherit permissions of the deleted user in the future.

Specified by:
revokeAll in interface IAuthorizer
Parameters:
droppedUser - The user to revoke all permissions from.

revokeAll

public void revokeAll(IResource droppedResource)
Description copied from interface: IAuthorizer
This method is called after a resource is removed (i.e. keyspace or a table is dropped).

Specified by:
revokeAll in interface IAuthorizer
Parameters:
droppedResource - The resource to revoke all permissions on.

protectedResources

public java.util.Set<DataResource> protectedResources()
Description copied from interface: IAuthorizer
Set of resources that should be made inaccessible to users and only accessible internally.

Specified by:
protectedResources in interface IAuthorizer
Returns:
Keyspaces, column families that will be unmodifiable by users; other resources.

validateConfiguration

public void validateConfiguration()
                           throws ConfigurationException
Description copied from interface: IAuthorizer
Validates configuration of IAuthorizer implementation (if configurable).

Specified by:
validateConfiguration in interface IAuthorizer
Throws:
ConfigurationException - when there is a configuration error.

setup

public void setup()
Description copied from interface: IAuthorizer
Setup is called once upon system startup to initialize the IAuthorizer. For example, use this method to create any required keyspaces/column families.

Specified by:
setup in interface IAuthorizer
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013 The Apache Software Foundation