Package org.apache.cassandra.auth
Class MutualTlsAuthenticator
- java.lang.Object
  - org.apache.cassandra.auth.MutualTlsAuthenticator

All Implemented Interfaces:
IAuthenticator

public class MutualTlsAuthenticator extends java.lang.Object implements IAuthenticator

Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.cassandra.auth.IAuthenticator
IAuthenticator.SaslNegotiator

Constructor Summary
Constructors
MutualTlsAuthenticator(java.util.Map<java.lang.String,java.lang.String> parameters)

Method Summary
Each entry gives the modifier and type, the method, and its description.

AuthenticatedUser legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials)
    A legacy method that is still used by JMX authentication.
IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress)
    Provide a SASL handler to perform authentication for a single connection.
IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress, java.security.cert.Certificate[] certificates)
    Provide a SASL handler to perform authentication for a single connection.
java.util.Set<? extends IResource> protectedResources()
    Set of resources that should be made inaccessible to users and only accessible internally.
boolean requireAuthentication()
    Whether or not the authenticator requires explicit login.
void setup()
    Setup is called once upon system startup to initialize the IAuthenticator.
void validateConfiguration()
    Validates configuration of IAuthenticator implementation (if configurable).

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cassandra.auth.IAuthenticator
getAuthenticateMessage

Method Detail

requireAuthentication
public boolean requireAuthentication()
Description copied from interface: IAuthenticator
Whether or not the authenticator requires explicit login. If false, will instantiate user with AuthenticatedUser.ANONYMOUS_USER.
Specified by: requireAuthentication in interface IAuthenticator

protectedResources
public java.util.Set<? extends IResource> protectedResources()
Description copied from interface: IAuthenticator
Set of resources that should be made inaccessible to users and only accessible internally.
Specified by: protectedResources in interface IAuthenticator
Returns: Keyspaces, column families that will be unmodifiable by users; other resources.

validateConfiguration
public void validateConfiguration() throws ConfigurationException
Description copied from interface: IAuthenticator
Validates configuration of IAuthenticator implementation (if configurable).
Specified by: validateConfiguration in interface IAuthenticator
Throws: ConfigurationException - when there is a configuration error.

setup
public void setup()
Description copied from interface: IAuthenticator
Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to create any required keyspaces/column families.
Specified by: setup in interface IAuthenticator

newSaslNegotiator
public IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress)
Description copied from interface: IAuthenticator
Provide a SASL handler to perform authentication for a single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt.
Specified by: newSaslNegotiator in interface IAuthenticator
Parameters:
    clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).
Returns: org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)

newSaslNegotiator
public IAuthenticator.SaslNegotiator newSaslNegotiator(java.net.InetAddress clientAddress, java.security.cert.Certificate[] certificates)
Description copied from interface: IAuthenticator
Provide a SASL handler to perform authentication for a single connection. SASL is a stateful protocol, so a new instance must be used for each authentication attempt. This method accepts certificates as well. Authentication strategies can override this method to gain access to the client's certificate chain, if present.
Specified by: newSaslNegotiator in interface IAuthenticator
Parameters:
    clientAddress - the IP address of the client whom we wish to authenticate, or null if an internal client (one not connected over the remote transport).
    certificates - the peer's Certificate chain, if present. It is expected that these will all be instances of X509Certificate, but we pass them as the base Certificate in case future implementations leverage other certificate types.
Returns: org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation (see PasswordAuthenticator.PlainTextSaslAuthenticator)

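How an authentication strategy might consume the certificates parameter of newSaslNegotiator, as an added example that is not Cassandra's own code: it fails closed when the chain is absent or not X.509 and takes the identity from the leaf certificate's URI subject alternative name. The class ChainIdentity, its identityOf method, the leaf-first chain order and the use of a URI SAN as the identity are assumptions.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Hypothetical helper, not part of Cassandra: derives an identity string from
// the Certificate[] passed to newSaslNegotiator(clientAddress, certificates).
public final class ChainIdentity {
    private static final int SAN_TYPE_URI = 6; // GeneralName tag: uniformResourceIdentifier

    // Returns the first URI SAN of the leaf certificate or throws; never returns
    // null, so "no identity" cannot be mistaken for an anonymous login.
    public static String identityOf(Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0)
            throw new CertificateException("no client certificate presented");
        // The API passes the base Certificate type; accept only X.509.
        // Assumption: the peer's own certificate is the first element.
        if (!(chain[0] instanceof X509Certificate))
            throw new CertificateException("leaf is not an X.509 certificate");
        X509Certificate leaf = (X509Certificate) chain[0];
        // Checks notBefore/notAfter only. Assumption: the TLS handshake has
        // already validated the chain against the server's truststore.
        leaf.checkValidity();
        // getSubjectAlternativeNames() returns null when the extension is absent.
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (san.size() >= 2 && Integer.valueOf(SAN_TYPE_URI).equals(san.get(0)))
                    return (String) san.get(1);
            }
        }
        throw new CertificateException("leaf certificate carries no URI SAN");
    }

    public static void main(String[] args) {
        // Constructed inputs: the two "no chain" shapes a negotiator can receive.
        for (Certificate[] chain : new Certificate[][] { null, new Certificate[0] }) {
            try {
                System.out.println("identity: " + identityOf(chain));
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```
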
legacyAuthenticate
public AuthenticatedUser legacyAuthenticate(java.util.Map<java.lang.String,java.lang.String> credentials) throws AuthenticationException
Description copied from interface: IAuthenticator
A legacy method that is still used by JMX authentication. Implement this to support JMX authentication through your authenticator. Should never return null - always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option as well if authentication is not required.
Specified by: legacyAuthenticate in interface IAuthenticator
Parameters:
    credentials - implementation specific key/value pairs
Returns: non-null representation of the authenticated subject
Throws: AuthenticationException