org.apache.cassandra.auth

Class PasswordAuthenticator

java.lang.Object

org.apache.cassandra.auth.PasswordAuthenticator

All Implemented Interfaces:

IAuthenticator

public class PasswordAuthenticator
extends java.lang.Object
implements IAuthenticator

PasswordAuthenticator is an IAuthenticator implementation that keeps credentials (rolenames and bcrypt-hashed passwords) internally in C* - in system_auth.roles CQL3 table. Since 2.2, the management of roles (creation, modification, querying etc is the responsibility of IRoleManager. Use of PasswordAuthenticator requires the use of CassandraRoleManager for storage and retrieval of encrypted passwords.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	PasswordAuthenticator.CredentialsCacheMBean

Nested classes/interfaces inherited from interface org.apache.cassandra.auth.IAuthenticator

IAuthenticator.SaslNegotiator

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	PASSWORD_KEY
static java.lang.String	USERNAME_KEY

Constructor Summary

Constructors

Constructor and Description
PasswordAuthenticator()

Method Summary

Modifier and Type	Method and Description
protected static boolean	checkpw(java.lang.String password, java.lang.String hash)
AuthenticatedUser	legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials) A legacy method that is still used by JMX authentication.
IAuthenticator.SaslNegotiator	newSaslNegotiator(java.net.InetAddress clientAddress) Provide a SASL handler to perform authentication for an single connection.
java.util.Set<DataResource>	protectedResources() Set of resources that should be made inaccessible to users and only accessible internally.
boolean	requireAuthentication() Whether or not the authenticator requires explicit login.
void	setup() Setup is called once upon system startup to initialize the IAuthenticator.
void	validateConfiguration() Validates configuration of IAuthenticator implementation (if configurable).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cassandra.auth.IAuthenticator

newSaslNegotiator

Field Detail

USERNAME_KEY

public static final java.lang.String USERNAME_KEY

See Also:

Constant Field Values

PASSWORD_KEY

public static final java.lang.String PASSWORD_KEY

See Also:

Constant Field Values

Constructor Detail

PasswordAuthenticator

public PasswordAuthenticator()

Method Detail

requireAuthentication

public boolean requireAuthentication()

Description copied from interface: IAuthenticator

Whether or not the authenticator requires explicit login. If false will instantiate user with AuthenticatedUser.ANONYMOUS_USER.

Specified by:

requireAuthentication in interface IAuthenticator

checkpw

protected static boolean checkpw(java.lang.String password,
                                 java.lang.String hash)

protectedResources

public java.util.Set<DataResource> protectedResources()

Description copied from interface: IAuthenticator

Set of resources that should be made inaccessible to users and only accessible internally.

Specified by:

protectedResources in interface IAuthenticator

Returns:

Keyspaces, column families that will be unmodifiable by users; other resources.

validateConfiguration

public void validateConfiguration()
                           throws ConfigurationException

Description copied from interface: IAuthenticator

Validates configuration of IAuthenticator implementation (if configurable).

Specified by:

validateConfiguration in interface IAuthenticator

Throws:

ConfigurationException - when there is a configuration error.

setup

public void setup()

Description copied from interface: IAuthenticator

Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.

Specified by:

setup in interface IAuthenticator

legacyAuthenticate

public AuthenticatedUser legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials)
                                     throws AuthenticationException

Description copied from interface: IAuthenticator

A legacy method that is still used by JMX authentication. You should implement this for having JMX authentication through your authenticator. Should never return null - always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option as well if authentication is not required.

Specified by:

legacyAuthenticate in interface IAuthenticator

Parameters:

credentials - implementation specific key/value pairs

Returns:

non-null representation of the authenticated subject

Throws:

AuthenticationException

newSaslNegotiator

public IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress)

Description copied from interface: IAuthenticator

Provide a SASL handler to perform authentication for an single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt.

Specified by:

newSaslNegotiator in interface IAuthenticator

Parameters:

clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).

Returns:

org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)