Package org.apache.cassandra.auth
Class MutualTlsWithPasswordFallbackAuthenticator
java.lang.Object
  org.apache.cassandra.auth.PasswordAuthenticator
    org.apache.cassandra.auth.MutualTlsWithPasswordFallbackAuthenticator

All Implemented Interfaces:
AuthCache.BulkLoader<java.lang.String,java.lang.String>, IAuthenticator

public class MutualTlsWithPasswordFallbackAuthenticator extends PasswordAuthenticator
This authenticator can be used in optional mTLS mode. If the client doesn't make an mTLS connection, it falls back to password authentication.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.cassandra.auth.PasswordAuthenticator
PasswordAuthenticator.CredentialsCache, PasswordAuthenticator.CredentialsCacheMBean

Nested classes/interfaces inherited from interface org.apache.cassandra.auth.IAuthenticator
IAuthenticator.SaslNegotiator

Field Summary

Fields inherited from class org.apache.cassandra.auth.PasswordAuthenticator
PASSWORD_KEY, USERNAME_KEY

Constructor Summary

Constructor: MutualTlsWithPasswordFallbackAuthenticator(java.util.Map<java.lang.String,java.lang.String> parameters)

Method Summary

Modifier and Type: IAuthenticator.SaslNegotiator
Method: newSaslNegotiator(java.net.InetAddress clientAddress, java.security.cert.Certificate[] certificates)
Description: Provide a SASL handler to perform authentication for a single connection.

Modifier and Type: void
Method: setup()
Description: Setup is called once upon system startup to initialize the IAuthenticator.

Methods inherited from class org.apache.cassandra.auth.PasswordAuthenticator
bulkLoader, checkpw, getCredentialsCache, legacyAuthenticate, newSaslNegotiator, protectedResources, requireAuthentication, validateConfiguration

Method Detail

setup

public void setup()

Description copied from interface: IAuthenticator
Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.

Specified by: setup in interface IAuthenticator
Overrides: setup in class PasswordAuthenticator

newSaslNegotiator

public IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress, java.security.cert.Certificate[] certificates)

Description copied from interface: IAuthenticator
Provide a SASL handler to perform authentication for a single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt. This method accepts certificates as well. Authentication strategies can override this method to gain access to the client's certificate chain, if present.

Parameters:
clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).
certificates - the peer's Certificate chain, if present. It is expected that these will all be instances of X509Certificate, but we pass them as the base Certificate in case future implementations leverage other certificate types.

Returns:
org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)
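
The certificates parameter described above, as an added example (not code from Apache Cassandra): a stand-alone Java class showing how an overriding authentication strategy can classify the chain before trusting it. ChainCheck, Path and opaque() are hypothetical names; treating a null or empty array as "no client certificate" and rejecting any chain that contains a non-X.509 entry are this example's assumptions, not documented Cassandra behaviour.

```java
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added illustration; ChainCheck and Path are hypothetical names, not Cassandra classes.
public final class ChainCheck
{
    enum Path { PASSWORD_FALLBACK, MUTUAL_TLS, REJECT }

    // Assumption: an absent chain arrives as null or as an empty array.
    static Path classify(Certificate[] certificates)
    {
        if (certificates == null || certificates.length == 0)
            return Path.PASSWORD_FALLBACK;        // client presented no certificate
        for (Certificate c : certificates)
            if (!(c instanceof X509Certificate))  // parameter type is only the base Certificate
                return Path.REJECT;               // fail closed instead of casting blindly
        return Path.MUTUAL_TLS;                   // every entry is X.509; identity checks come next
    }

    // Constructed stand-in for a certificate type other than X.509.
    static Certificate opaque()
    {
        return new Certificate("OPAQUE")
        {
            public byte[] getEncoded() { return new byte[0]; }
            public void verify(PublicKey key) {}
            public void verify(PublicKey key, String sigProvider) {}
            public String toString() { return "opaque"; }
            public PublicKey getPublicKey() { return null; }
        };
    }

    public static void main(String[] args)
    {
        // Constructed inputs covering the absent, empty and wrong-type cases.
        System.out.println(classify(null));
        System.out.println(classify(new Certificate[0]));
        System.out.println(classify(new Certificate[]{ opaque() }));
    }
}
```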