Package org.apache.cassandra.auth

Class PasswordAuthenticator

  • All Implemented Interfaces:
    AuthCache.BulkLoader<java.lang.String,​java.lang.String>, IAuthenticator
    Direct Known Subclasses:
    MutualTlsWithPasswordFallbackAuthenticator
    public class PasswordAuthenticator
extends java.lang.Object
implements IAuthenticator, AuthCache.BulkLoader<java.lang.String,​java.lang.String>
    PasswordAuthenticator is an IAuthenticator implementation that keeps credentials (rolenames and bcrypt-hashed passwords) internally in C* - in system_auth.roles CQL3 table. Since 2.2, the management of roles (creation, modification, querying etc is the responsibility of IRoleManager. Use of PasswordAuthenticator requires the use of CassandraRoleManager for storage and retrieval of encrypted passwords.

    • Constructor Detail

      • PasswordAuthenticator

        public PasswordAuthenticator()

    • Method Detail

      • requireAuthentication

        public boolean requireAuthentication()
        Description copied from interface: IAuthenticator
        Whether or not the authenticator requires explicit login. If false will instantiate user with AuthenticatedUser.ANONYMOUS_USER.
        Specified by:
        requireAuthentication in interface IAuthenticator

      • bulkLoader

        public java.util.function.Supplier<java.util.Map<java.lang.String,​java.lang.String>> bulkLoader()
        Specified by:
        bulkLoader in interface AuthCache.BulkLoader<java.lang.String,​java.lang.String>

      • checkpw

        protected static boolean checkpw​(java.lang.String password,
                                 java.lang.String hash)

      • protectedResources

        public java.util.Set<DataResource> protectedResources()
        Description copied from interface: IAuthenticator
        Set of resources that should be made inaccessible to users and only accessible internally.
        Specified by:
        protectedResources in interface IAuthenticator
        Returns:
        Keyspaces, column families that will be unmodifiable by users; other resources.

      • setup

        public void setup()
        Description copied from interface: IAuthenticator
        Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.
        Specified by:
        setup in interface IAuthenticator

      • legacyAuthenticate

        public AuthenticatedUser legacyAuthenticate​(java.util.Map<java.lang.String,​java.lang.String> credentials)
                                     throws AuthenticationException
        Description copied from interface: IAuthenticator
        A legacy method that is still used by JMX authentication. You should implement this for having JMX authentication through your authenticator. Should never return null - always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option as well if authentication is not required.
        Specified by:
        legacyAuthenticate in interface IAuthenticator
        Parameters:
        credentials - implementation specific key/value pairs
        Returns:
        non-null representation of the authenticated subject
        Throws:
        AuthenticationException

      • newSaslNegotiator

        public IAuthenticator.SaslNegotiator newSaslNegotiator​(java.net.InetAddress clientAddress)
        Description copied from interface: IAuthenticator
        Provide a SASL handler to perform authentication for an single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt.
        Specified by:
        newSaslNegotiator in interface IAuthenticator
        Parameters:
        clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).
        Returns:
        org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)