use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class ClientStateTest method permissionsCheckStartsAtHeadOfResourceChain.
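/**
 * Verifies that a permission check walks the resource hierarchy from the root
 * downwards and stops at the first resource that grants the permission.
 *
 * <p>Typical deployments grant blanket permissions on root resources, so
 * starting at the root saves lookups, cache misses and cache space. For
 * DataResources the order followed is: data -> keyspace -> table.
 */
@Test
public void permissionsCheckStartsAtHeadOfResourceChain() {
    final IResource dataRoot = DataResource.root();
    final IResource targetTable = DataResource.table("test_ks", "test_table");
    final AtomicInteger lookupCount = new AtomicInteger(0);

    // Stub user: holds every permission on the root resource and fails the
    // test if asked about anything else.
    final AuthenticatedUser stubUser = new AuthenticatedUser("test_user") {
        // @Override makes a signature change in AuthenticatedUser a compile
        // error, instead of silently leaving this stub unused by the check.
        @Override
        public Set<Permission> getPermissions(IResource resource) {
            lookupCount.incrementAndGet();
            if (!resource.equals(dataRoot)) {
                fail(String.format("Permissions requested for unexpected resource %s", resource));
                // only reached if fail() returns; the compiler requires a return here
                return null;
            }
            return Permission.ALL;
        }

        @Override
        public boolean canLogin() {
            return true;
        }
    };

    Roles.cache.invalidate();
    // Install a CassandraAuthorizer so the authz process is not short-circuited.
    // NOTE(review): the authorizer is not restored in this method; confirm that
    // class-level setup/teardown resets it so later tests are unaffected.
    DatabaseDescriptor.setAuthorizer(new AuthTestUtils.LocalCassandraAuthorizer());

    // Checking SELECT on the table should consult the root resource first and
    // succeed there without going any further down the chain.
    final ClientState clientState = ClientState.forInternalCalls();
    clientState.login(stubUser);
    clientState.ensurePermission(Permission.SELECT, targetTable);

    // exactly one lookup: the root resource
    assertEquals(1, lookupCount.get());
}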
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class PermissionsCacheKeysTableTest method cachePermissionsForResource.
/**
 * Requests the permissions that the given role holds on the given resource
 * and discards the result.
 *
 * @param roleResource role whose name is used to build the AuthenticatedUser
 * @param resource     resource the permissions are requested for
 */
private void cachePermissionsForResource(RoleResource roleResource, IResource resource) {
    final String roleName = roleResource.getRoleName();
    // Return value deliberately unused. Judging by the method name, the call
    // is made to populate the permissions cache; confirm against the class.
    new AuthenticatedUser(roleName).getPermissions(resource);
}
use of org.apache.cassandra.auth.AuthenticatedUser in project eiger by wlloyd.
the class ClientState method login.
/**
 * Authenticates the given credentials map and binds the resulting user to
 * this client.
 *
 * <p>The map is passed unchanged to the authenticator returned by
 * {@code DatabaseDescriptor.getAuthenticator()}. The {@code user} field is
 * assigned only after {@code authenticate} returns, so when it throws, the
 * previously bound user is left untouched. Only the authenticated user object
 * is written to the debug log; the credentials map itself is not logged here.
 *
 * @param credentials credential entries to authenticate
 * @throws AuthenticationException declared for a failed authentication;
 *         nothing in this method catches it
 */
public void login(Map<? extends CharSequence, ? extends CharSequence> credentials) throws AuthenticationException {
    final AuthenticatedUser authenticated = DatabaseDescriptor.getAuthenticator().authenticate(credentials);
    if (logger.isDebugEnabled()) {
        logger.debug("logged in: {}", authenticated);
    }
    this.user = authenticated;
}
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class SchemaAlteringStatement method execute.
/**
 * Announces the schema migration and, when a new object was created by a
 * non-anonymous user, grants that user permissions on it.
 *
 * @param state              query state carrying the client state and its user
 * @param options            query options (not read in this method)
 * @param queryStartNanoTime query start time (not read in this method)
 * @return an empty {@code ResultMessage.Void} when no schema change occurred,
 *         otherwise a {@code ResultMessage.SchemaChange} describing it
 * @throws RequestValidationException declared on the signature; not thrown
 *         directly by any statement visible here
 */
public ResultMessage execute(QueryState state, QueryOptions options, long queryStartNanoTime) throws RequestValidationException {
    // With IF [NOT] EXISTS the statement may change nothing. Returning an empty
    // message spares drivers the work of handling a schema change. (CASSANDRA-7600)
    final Event.SchemaChange schemaChange = announceMigration(state, false);
    if (schemaChange == null) {
        return new ResultMessage.Void();
    }

    // The creator is granted permissions on a newly created object only if the
    // requesting user is known and not anonymous.
    final AuthenticatedUser requester = state.getClientState().getUser();
    final boolean createdByNamedUser = requester != null
            && !requester.isAnonymous()
            && schemaChange.change == Event.SchemaChange.Change.CREATED;

    if (createdByNamedUser) {
        try {
            grantPermissionsToCreator(state);
        } catch (UnsupportedOperationException ignored) {
            // Not a problem: grant is an optional method on IAuthorizer.
            // AllowAllAuthorizer does not support it, and custom external
            // implementations may not either. The object is still created,
            // just without an automatic grant to its creator.
        }
    }
    return new ResultMessage.SchemaChange(schemaChange);
}
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class AuthResponse method execute.
/**
 * Processes one step of the SASL exchange for this connection.
 *
 * <p>The client's token is passed to the connection's negotiator. While the
 * negotiation is incomplete, the next challenge is returned and no login
 * takes place. Once the negotiator reports completion, the authenticated user
 * is logged in to the client state and a success is recorded.
 *
 * <p>Only {@code AuthenticationException} is caught and counted as a failure.
 * Any other exception thrown inside the try block propagates to the caller
 * without touching the failure metric.
 *
 * @param queryState         state whose client state receives the login
 * @param queryStartNanoTime query start time (not read in this method)
 * @return {@code AuthChallenge} while negotiating, {@code AuthSuccess} once
 *         complete, or an error message built from the authentication failure
 */
@Override
public Response execute(QueryState queryState, long queryStartNanoTime) {
    try {
        final IAuthenticator.SaslNegotiator sasl = ((ServerConnection) connection).getSaslNegotiator(queryState);
        final byte[] serverChallenge = sasl.evaluateResponse(token);

        // Negotiation still in progress: reply with the next challenge.
        if (!sasl.isComplete()) {
            return new AuthChallenge(serverChallenge);
        }

        // The user is bound to the client state only after the negotiator
        // reports completion.
        final AuthenticatedUser authenticated = sasl.getAuthenticatedUser();
        queryState.getClientState().login(authenticated);
        AuthMetrics.instance.markSuccess();
        // authentication is complete, send a ready message to the client
        return new AuthSuccess(serverChallenge);
    } catch (AuthenticationException authFailure) {
        AuthMetrics.instance.markFailure();
        return ErrorMessage.fromException(authFailure);
    }
}