Package org.apache.cassandra.auth

Class MutualTlsWithPasswordFallbackAuthenticator

java.lang.Object

org.apache.cassandra.auth.PasswordAuthenticator

org.apache.cassandra.auth.MutualTlsWithPasswordFallbackAuthenticator

All Implemented Interfaces:

AuthCache.BulkLoader<java.lang.String,java.lang.String>, IAuthenticator

public class MutualTlsWithPasswordFallbackAuthenticator
extends PasswordAuthenticator

This authenticator can be used in optional mTLS mode, If the client doesn't make an mTLS connection this fallbacks to password authentication.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.cassandra.auth.PasswordAuthenticator

PasswordAuthenticator.CredentialsCache, PasswordAuthenticator.CredentialsCacheMBean

Nested classes/interfaces inherited from interface org.apache.cassandra.auth.IAuthenticator

IAuthenticator.SaslNegotiator

Field Summary

Fields inherited from class org.apache.cassandra.auth.PasswordAuthenticator

PASSWORD_KEY, USERNAME_KEY

Constructor Summary

Constructors

Constructor	Description
MutualTlsWithPasswordFallbackAuthenticator(java.util.Map<java.lang.String,java.lang.String> parameters)

Method Summary

Modifier and Type	Method	Description
IAuthenticator.SaslNegotiator	newSaslNegotiator(java.net.InetAddress clientAddress, java.security.cert.Certificate[] certificates)	Provide a SASL handler to perform authentication for an single connection.
void	setup()	Setup is called once upon system startup to initialize the IAuthenticator.

Methods inherited from class org.apache.cassandra.auth.PasswordAuthenticator

bulkLoader, checkpw, getCredentialsCache, legacyAuthenticate, newSaslNegotiator, protectedResources, requireAuthentication, validateConfiguration

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MutualTlsWithPasswordFallbackAuthenticator

public MutualTlsWithPasswordFallbackAuthenticator(java.util.Map<java.lang.String,java.lang.String> parameters)

Method Detail

setup

public void setup()

Description copied from interface: IAuthenticator

Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.

Specified by:

setup in interface IAuthenticator

Overrides:

setup in class PasswordAuthenticator

newSaslNegotiator

public IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress,
                                                       java.security.cert.Certificate[] certificates)

Description copied from interface: IAuthenticator

Provide a SASL handler to perform authentication for an single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt. This method accepts certificates as well. Authentication strategies can override this method to gain access to client's certificate chain, if present.

Parameters:

clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).

certificates - the peer's Certificate chain, if present. It is expected that these will all be instances of X509Certificate, but we pass them as the base Certificate in case future implementations leverage other certificate types.

Returns:

org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)