org.apache.cassandra.auth

Interface IAuthenticator

All Known Implementing Classes:

AllowAllAuthenticator, PasswordAuthenticator

public interface IAuthenticator

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static interface	IAuthenticator.SaslNegotiator Performs the actual SASL negotiation for a single authentication attempt.

Method Summary

Modifier and Type	Method and Description
AuthenticatedUser	legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials) For implementations which support the Thrift login method that accepts arbitrary key/value pairs containing credentials data.
IAuthenticator.SaslNegotiator	newSaslNegotiator(java.net.InetAddress clientAddress) Provide a SASL handler to perform authentication for an single connection.
java.util.Set<? extends IResource>	protectedResources() Set of resources that should be made inaccessible to users and only accessible internally.
boolean	requireAuthentication() Whether or not the authenticator requires explicit login.
void	setup() Setup is called once upon system startup to initialize the IAuthenticator.
void	validateConfiguration() Validates configuration of IAuthenticator implementation (if configurable).

Method Detail

requireAuthentication

boolean requireAuthentication()

Whether or not the authenticator requires explicit login. If false will instantiate user with AuthenticatedUser.ANONYMOUS_USER.

protectedResources

java.util.Set<? extends IResource> protectedResources()

Set of resources that should be made inaccessible to users and only accessible internally.

Returns:

Keyspaces, column families that will be unmodifiable by users; other resources.

validateConfiguration

void validateConfiguration()
                    throws ConfigurationException

Validates configuration of IAuthenticator implementation (if configurable).

Throws:

ConfigurationException - when there is a configuration error.

setup

void setup()

Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.

newSaslNegotiator

IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress)

Provide a SASL handler to perform authentication for an single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt.

Parameters:

clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).

Returns:

org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)

legacyAuthenticate

AuthenticatedUser legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials)
                              throws AuthenticationException

For implementations which support the Thrift login method that accepts arbitrary key/value pairs containing credentials data. Also used by CQL native protocol v1, in which username and password are sent from client to server in a CredentialsMessage Implementations where support for Thrift and CQL protocol v1 is not required should make this an unsupported operation. Should never return null - always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option as well if authentication is not required.

Parameters:

credentials - implementation specific key/value pairs

Returns:

non-null representation of the authenticated subject

Throws:

AuthenticationException