Package org.apache.cassandra.auth.jmx

Class AuthenticationProxy

  • All Implemented Interfaces:
    javax.management.remote.JMXAuthenticator
    public final class AuthenticationProxy
extends java.lang.Object
implements javax.management.remote.JMXAuthenticator
    An alternative to the JAAS based implementation of JMXAuthenticator provided by the JDK (JMXPluggableAuthenticator). Authentication is performed via delegation to a LoginModule. The JAAS login config is specified by passing its identifier in a custom system property: cassandra.jmx.remote.login.config The location of the JAAS configuration file containing that config is specified in the standard way, using the java.security.auth.login.config system property. If authentication is successful then a Subject containing one or more Principals is returned. This Subject may then be used during authorization if a JMX authorization is enabled.

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthenticationProxy​(java.lang.String loginConfigName)
      Creates an instance of JMXPluggableAuthenticator and initializes it with a LoginContext.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      javax.security.auth.Subject authenticate​(java.lang.Object credentials)
      Perform authentication of the client opening the MBeanServerConnection

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AuthenticationProxy

        public AuthenticationProxy​(java.lang.String loginConfigName)
        Creates an instance of JMXPluggableAuthenticator and initializes it with a LoginContext.
        Parameters:
        loginConfigName - name of the specifig JAAS login configuration to use when authenticating JMX connections
        Throws:
        java.lang.SecurityException - if the authentication mechanism cannot be initialized.

    • Method Detail

      • authenticate

        public javax.security.auth.Subject authenticate​(java.lang.Object credentials)
        Perform authentication of the client opening the MBeanServerConnection
        Specified by:
        authenticate in interface javax.management.remote.JMXAuthenticator
        Parameters:
        credentials - optionally these credentials may be supplied by the JMX user. Out of the box, the JDK's RMIServerImpl is capable of supplying a two element String[], containing username and password. If present, these credentials will be made available to configured LoginModules via JMXCallbackHandler.
        Returns:
        the authenticated subject containing any Principals added by the LoginModules
        Throws:
        java.lang.SecurityException - if the server cannot authenticate the user with the provided credentials.