Package org.apache.cassandra.auth

Interface IAuthenticator.SaslNegotiator

  • Enclosing interface:
    IAuthenticator
    public static interface IAuthenticator.SaslNegotiator
    Performs the actual SASL negotiation for a single authentication attempt. SASL is stateful, so a new instance should be used for each attempt. Non-trivial implementations may delegate to an instance of SaslServer

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      byte[] evaluateResponse​(byte[] clientResponse)
      Evaluates the client response data and generates a byte[] response which may be a further challenge or purely informational in the case that the negotiation is completed on this round.
      AuthenticatedUser getAuthenticatedUser()
      Following a sucessful negotiation, get the AuthenticatedUser representing the logged in subject.
      boolean isComplete()
      Called after each invocation of evaluateResponse(byte[]) to determine whether the authentication has completed successfully or should be continued.

    • Method Detail

      • evaluateResponse

        byte[] evaluateResponse​(byte[] clientResponse)
                 throws AuthenticationException
        Evaluates the client response data and generates a byte[] response which may be a further challenge or purely informational in the case that the negotiation is completed on this round. This method is called each time a AuthResponse is received from a client. After it is called, isComplete() is checked to determine whether the negotiation has finished. If so, an AuthenticatedUser is obtained by calling getAuthenticatedUser() and that user associated with the active connection and the byte[] sent back to the client via an AuthSuccess message. If the negotiation is not yet complete, the byte[] is returned to the client as a further challenge in an AuthChallenge message. This continues until the negotiation does complete or an error is encountered.
        Parameters:
        clientResponse - The non-null (but possibly empty) response sent by the client
        Returns:
        The possibly null response to send to the client.
        Throws:
        AuthenticationException - see SaslServer.evaluateResponse(byte[])

      • isComplete

        boolean isComplete()
        Called after each invocation of evaluateResponse(byte[]) to determine whether the authentication has completed successfully or should be continued.
        Returns:
        true if the authentication exchange has completed; false otherwise. see SaslServer.isComplete()

      • getAuthenticatedUser

        AuthenticatedUser getAuthenticatedUser()
                                throws AuthenticationException
        Following a sucessful negotiation, get the AuthenticatedUser representing the logged in subject. This method should only be called if isComplete() returns true. Should never return null - always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option if authentication is not required.
        Returns:
        non-null representation of the authenticated subject
        Throws:
        AuthenticationException