Package org.apache.cassandra.auth
Class AuthenticatedUser
- java.lang.Object
-
- org.apache.cassandra.auth.AuthenticatedUser
-
public class AuthenticatedUser extends java.lang.Object
Returned from IAuthenticator#authenticate(), represents an authenticated user everywhere internally. Holds the name of the user and the roles that have been granted to the user. The roles will be cached for roles_validity.
-
-
Field Summary
Fields Modifier and Type Field Description static AuthenticatedUser
ANONYMOUS_USER
static java.lang.String
ANONYMOUS_USERNAME
static NetworkPermissionsCache
networkPermissionsCache
static PermissionsCache
permissionsCache
static AuthenticatedUser
SYSTEM_USER
static java.lang.String
SYSTEM_USERNAME
-
Constructor Summary
Constructors Constructor Description AuthenticatedUser(java.lang.String name)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canLogin()
Check whether this user has login privileges.boolean
equals(java.lang.Object o)
java.lang.String
getName()
java.util.Set<Permission>
getPermissions(IResource resource)
RoleResource
getPrimaryRole()
java.util.Set<Role>
getRoleDetails()
Get the detailed info on roles granted to the user via IRoleManagerjava.util.Set<RoleResource>
getRoles()
Get the roles that have been granted to the user via the IRoleManagerboolean
hasAccessFromIp(java.net.InetSocketAddress remoteAddress)
int
hashCode()
boolean
hasLocalAccess()
Verify that there is not DC level restriction on this user accessing this node.static void
init()
UseAuthCacheService.initializeAndRegisterCaches()
rather than calling this directlyboolean
isAnonymous()
If IAuthenticator doesn't require authentication, this method may return true.boolean
isSuper()
Checks the user's superuser status.boolean
isSystem()
Some internal operations are performed on behalf of Cassandra itself, in those cases the system user should be used where an identity is required see CreateRoleStatement#execute() and overrides of AlterSchemaStatement#createdResources()java.lang.String
toString()
-
-
-
Field Detail
-
SYSTEM_USERNAME
public static final java.lang.String SYSTEM_USERNAME
- See Also:
- Constant Field Values
-
SYSTEM_USER
public static final AuthenticatedUser SYSTEM_USER
-
ANONYMOUS_USERNAME
public static final java.lang.String ANONYMOUS_USERNAME
- See Also:
- Constant Field Values
-
ANONYMOUS_USER
public static final AuthenticatedUser ANONYMOUS_USER
-
permissionsCache
public static final PermissionsCache permissionsCache
-
networkPermissionsCache
public static final NetworkPermissionsCache networkPermissionsCache
-
-
Method Detail
-
init
public static void init()
UseAuthCacheService.initializeAndRegisterCaches()
rather than calling this directly
-
getName
public java.lang.String getName()
-
getPrimaryRole
public RoleResource getPrimaryRole()
-
isSuper
public boolean isSuper()
Checks the user's superuser status. Only a superuser is allowed to perform CREATE USER and DROP USER queries. Im most cased, though not necessarily, a superuser will have Permission.ALL on every resource (depends on IAuthorizer implementation).
-
isAnonymous
public boolean isAnonymous()
If IAuthenticator doesn't require authentication, this method may return true.
-
isSystem
public boolean isSystem()
Some internal operations are performed on behalf of Cassandra itself, in those cases the system user should be used where an identity is required see CreateRoleStatement#execute() and overrides of AlterSchemaStatement#createdResources()
-
getRoles
public java.util.Set<RoleResource> getRoles()
Get the roles that have been granted to the user via the IRoleManager- Returns:
- a set of identifiers for the roles that have been granted to the user
-
getRoleDetails
public java.util.Set<Role> getRoleDetails()
Get the detailed info on roles granted to the user via IRoleManager- Returns:
- a set of Role objects detailing the roles granted to the user
-
getPermissions
public java.util.Set<Permission> getPermissions(IResource resource)
-
canLogin
public boolean canLogin()
Check whether this user has login privileges. LOGIN is not inherited from granted roles, so must be directly granted to the primary role for this user- Returns:
- true if the user is permitted to login, false otherwise.
-
hasLocalAccess
public boolean hasLocalAccess()
Verify that there is not DC level restriction on this user accessing this node. Further extends the login privilege check by verifying that the primary role for this user is permitted to perform operations in the local (to this node) datacenter. Like LOGIN, this is not inherited from granted roles.- Returns:
- true if the user is permitted to access nodes in this node's datacenter, false otherwise
-
hasAccessFromIp
public boolean hasAccessFromIp(java.net.InetSocketAddress remoteAddress)
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.lang.Object
-
equals
public boolean equals(java.lang.Object o)
- Overrides:
equals
in classjava.lang.Object
-
hashCode
public int hashCode()
- Overrides:
hashCode
in classjava.lang.Object
-
-