Interface IAuthenticator

    • Method Detail

      • requireAuthentication

        boolean requireAuthentication()
        Whether or not the authenticator requires explicit login. If false, the user is instantiated as AuthenticatedUser.ANONYMOUS_USER.
      • protectedResources

        java.util.Set<? extends IResource> protectedResources()
        Set of resources that should be made inaccessible to users and only accessible internally.
        Returns:
        Keyspaces, column families that will be unmodifiable by users; other resources.
      • validateConfiguration

        void validateConfiguration()
                            throws ConfigurationException
        Validates configuration of IAuthenticator implementation (if configurable).
        Throws:
        ConfigurationException - when there is a configuration error.
      • setup

        void setup()
        Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.
      • getAuthenticateMessage

        default AuthenticateMessage getAuthenticateMessage(ClientState clientState)
        Allows custom authenticators to return their own AuthenticateMessage based on ClientState information. For example, this allows returning the FQCN of a driver's known authenticator (e.g. "com.datastax.bdp.cassandra.auth.DseAuthenticator") to enable SASL scheme negotiation.
      • newSaslNegotiator

        IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress)
        Provide a SASL handler to perform authentication for a single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt.
        Parameters:
        clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).
        Returns:
        org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)
      • newSaslNegotiator

        default IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress,
                                                                java.security.cert.Certificate[] certificates)
        Provide a SASL handler to perform authentication for a single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt. This method accepts certificates as well. Authentication strategies can override this method to gain access to the client's certificate chain, if present.
        Parameters:
        clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).
        certificates - the peer's Certificate chain, if present. It is expected that these will all be instances of X509Certificate, but we pass them as the base Certificate in case future implementations leverage other certificate types.
        Returns:
        org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)
      • legacyAuthenticate

        AuthenticatedUser legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials)
                                      throws AuthenticationException
        A legacy method that is still used by JMX authentication. Implement this to support JMX authentication through your authenticator. Should never return null; always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is also an option if authentication is not required.
        Parameters:
        credentials - implementation specific key/value pairs
        Returns:
        non-null representation of the authenticated subject
        Throws:
        AuthenticationException
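
The one-negotiator-per-attempt rule stated for newSaslNegotiator, shown as an added stand-alone example (not Cassandra's code). PlainNegotiator, its constructor and the sample credentials are hypothetical; it parses a SASL PLAIN token (RFC 4616), refuses reuse, and throws JDK exceptions where an authenticator would throw AuthenticationException.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class PlainNegotiatorDemo {
    /** Hypothetical per-connection negotiator; holds the state of ONE attempt. */
    static final class PlainNegotiator {
        private final byte[] expectedUser, expectedPass; // constructed credentials
        private boolean complete;
        private String user; // set only after a successful exchange

        PlainNegotiator(String expectedUser, String expectedPass) {
            this.expectedUser = expectedUser.getBytes(StandardCharsets.UTF_8);
            this.expectedPass = expectedPass.getBytes(StandardCharsets.UTF_8);
        }
        /** Consumes one SASL PLAIN token: [authzid] NUL authcid NUL passwd. */
        byte[] evaluateResponse(byte[] token) {
            if (complete) throw new IllegalStateException("negotiator reused; create a new one");
            complete = true; // a failed attempt also ends this negotiator's life
            int n1 = indexOfNul(token, 0);
            int n2 = n1 < 0 ? -1 : indexOfNul(token, n1 + 1);
            // Reject missing fields, empty authcid/passwd, and any extra NUL.
            if (n2 < 0 || n2 == n1 + 1 || n2 == token.length - 1 || indexOfNul(token, n2 + 1) >= 0)
                throw new SecurityException("malformed PLAIN token");
            byte[] authcid = Arrays.copyOfRange(token, n1 + 1, n2);
            byte[] passwd = Arrays.copyOfRange(token, n2 + 1, token.length);
            // Non-short-circuit & so both comparisons always run.
            boolean ok = MessageDigest.isEqual(authcid, expectedUser)
                       & MessageDigest.isEqual(passwd, expectedPass);
            Arrays.fill(passwd, (byte) 0); // do not keep the password copy around
            if (!ok) throw new SecurityException("authentication failed");
            user = new String(authcid, StandardCharsets.UTF_8);
            return null; // PLAIN needs no server challenge
        }
        boolean isComplete() { return complete; }
        String getAuthenticatedUser() {
            if (user == null) throw new SecurityException("not authenticated");
            return user;
        }
        private static int indexOfNul(byte[] b, int from) {
            for (int i = from; i < b.length; i++) if (b[i] == 0) return i;
            return -1;
        }
    }
    public static void main(String[] args) {
        byte[] token = "\0alice\0s3cret".getBytes(StandardCharsets.UTF_8); // constructed sample
        PlainNegotiator n = new PlainNegotiator("alice", "s3cret");        // one per attempt
        n.evaluateResponse(token);
        System.out.println(n.isComplete() + " " + n.getAuthenticatedUser());
    }
}
```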