
Example 11 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class CredentialsMessage method execute.

/**
 * Handles a legacy credentials message: authenticates the supplied credentials and, on success,
 * logs the resulting user into the client state of the given query state.
 *
 * <p>Only {@code AuthenticationException} is handled here; any other exception thrown by the
 * authenticator or by {@code login} propagates to the caller without touching the failure metric.
 *
 * @param state query state whose client state receives the login
 * @param queryStartNanoTime not read by this method
 * @return a {@code ReadyMessage} after a successful login, otherwise the error message built
 *         from the {@code AuthenticationException}
 */
public Message.Response execute(QueryState state, long queryStartNanoTime) {
    try {
        // Authentication and login share one try block: a rejection from either call is
        // counted as a failure and answered with an error instead of a ReadyMessage.
        AuthenticatedUser authenticated = DatabaseDescriptor.getAuthenticator().legacyAuthenticate(credentials);
        state.getClientState().login(authenticated);
        // Success is recorded only after login() has returned normally.
        AuthMetrics.instance.markSuccess();
    } catch (AuthenticationException authFailure) {
        AuthMetrics.instance.markFailure();
        // NOTE(review): what the client learns from this response depends on
        // ErrorMessage.fromException, which is not shown here. Confirm it does not reveal
        // whether the user name or the password was the part that failed.
        return ErrorMessage.fromException(authFailure);
    }
    return new ReadyMessage();
}
Also used : AuthenticationException(org.apache.cassandra.exceptions.AuthenticationException) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser)

Example 12 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class AlterSchemaStatement method execute.

/**
 * Applies this schema alteration and, when it created new database objects, grants permissions
 * on them to the requesting user.
 *
 * <p>NOTE(review): no permission check on the requester is visible in this method. Presumably
 * authorization happens before {@code execute} is reached; confirm against the caller.
 *
 * @param state query state that supplies the requesting user
 * @param locally passed through unchanged to {@code MigrationManager.announce}
 * @return {@code ResultMessage.Void} when the announced diff is empty, otherwise a
 *         {@code ResultMessage.SchemaChange} describing the diff
 */
public ResultMessage execute(QueryState state, boolean locally) {
    // Local system keyspaces and virtual keyspaces are rejected before anything is announced.
    if (SchemaConstants.isLocalSystemKeyspace(keyspaceName)) {
        throw ire("System keyspace '%s' is not user-modifiable", keyspaceName);
    }

    KeyspaceMetadata targetKeyspace = Schema.instance.getKeyspaceMetadata(keyspaceName);
    boolean targetsVirtualKeyspace = targetKeyspace != null && targetKeyspace.isVirtual();
    if (targetsVirtualKeyspace) {
        throw ire("Virtual keyspace '%s' is not user-modifiable", keyspaceName);
    }

    validateKeyspaceName();

    KeyspacesDiff schemaDiff = MigrationManager.announce(this, locally);
    clientWarnings(schemaDiff).forEach(ClientWarn.instance::warn);

    if (schemaDiff.isEmpty()) {
        return new ResultMessage.Void();
    }

    /*
     * When the alteration created a new db object, permissions on it are granted to the user
     * who made the request, provided that user is not anonymous.
     *
     * The original comment lists a second condition: the configured IAuthorizer must support
     * granting permissions (AllowAllAuthorizer does not, and custom external implementations
     * may not). That condition is not tested in this method.
     * NOTE(review): presumably grantPermissionsOnResource handles it; verify there.
     */
    AuthenticatedUser requester = state.getClientState().getUser();
    boolean grantToRequester = requester != null && !requester.isAnonymous();
    if (grantToRequester) {
        createdResources(schemaDiff).forEach(resource -> grantPermissionsOnResource(resource, requester));
    }

    return new ResultMessage.SchemaChange(schemaChangeEvent(schemaDiff));
}
Also used : ResultMessage(org.apache.cassandra.transport.messages.ResultMessage) ImmutableSet(com.google.common.collect.ImmutableSet) QueryState(org.apache.cassandra.service.QueryState) ClientWarn(org.apache.cassandra.service.ClientWarn) SchemaChange(org.apache.cassandra.transport.Event.SchemaChange) ClientState(org.apache.cassandra.service.ClientState) Set(java.util.Set) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) CQLStatement(org.apache.cassandra.cql3.CQLStatement) IResource(org.apache.cassandra.auth.IResource) KeyspacesDiff(org.apache.cassandra.schema.Keyspaces.KeyspacesDiff) DatabaseDescriptor(org.apache.cassandra.config.DatabaseDescriptor) QueryOptions(org.apache.cassandra.cql3.QueryOptions) InvalidRequestException(org.apache.cassandra.exceptions.InvalidRequestException) org.apache.cassandra.schema(org.apache.cassandra.schema) KeyspacesDiff(org.apache.cassandra.schema.Keyspaces.KeyspacesDiff) SchemaChange(org.apache.cassandra.transport.Event.SchemaChange) ResultMessage(org.apache.cassandra.transport.messages.ResultMessage) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser)

Example 13 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class AuthResponse method execute.

/**
 * Processes one step of the SASL exchange for this connection.
 *
 * <p>The client's token is passed to the connection's negotiator. While the negotiator is not
 * complete, its output goes back to the client as a further challenge. Once it is complete, the
 * authenticated user is logged into the client state and a success message is returned.
 *
 * <p>Only {@code AuthenticationException} is handled here; other exceptions propagate without
 * the failure metric or failure event being raised.
 *
 * @param queryState query state used to obtain the negotiator and to receive the login
 * @param queryStartNanoTime not read by this method
 * @param traceRequest not read by this method
 * @return {@code AuthChallenge} while negotiation continues, {@code AuthSuccess} once it has
 *         completed, or an error message built from the {@code AuthenticationException}
 */
@Override
protected Response execute(QueryState queryState, long queryStartNanoTime, boolean traceRequest) {
    try {
        IAuthenticator.SaslNegotiator sasl = ((ServerConnection) connection).getSaslNegotiator(queryState);
        byte[] serverToken = sasl.evaluateResponse(token);

        // Negotiation still in progress: nothing is logged in and no success is recorded.
        if (!sasl.isComplete()) {
            return new AuthChallenge(serverToken);
        }

        // The user is read from the negotiator only after it reports completion.
        AuthenticatedUser authenticated = sasl.getAuthenticatedUser();
        queryState.getClientState().login(authenticated);
        ClientMetrics.instance.markAuthSuccess();
        AuthEvents.instance.notifyAuthSuccess(queryState);
        // Authentication is complete; the final token travels in the success message.
        return new AuthSuccess(serverToken);
    } catch (AuthenticationException authFailure) {
        // Every AuthenticationException raised in the try block, including one thrown by
        // login(), is counted and reported as an authentication failure.
        ClientMetrics.instance.markAuthFailure();
        AuthEvents.instance.notifyAuthFailure(queryState, authFailure);
        return ErrorMessage.fromException(authFailure);
    }
}
Also used : AuthenticationException(org.apache.cassandra.exceptions.AuthenticationException) IAuthenticator(org.apache.cassandra.auth.IAuthenticator) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser)

Example 14 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class InvalidatePermissionsCacheTest method testInvalidatePermissionsForAllRoles.

/**
 * Checks that running {@code invalidatepermissionscache} with no arguments causes the
 * permissions of both test roles to be read again on their next lookup.
 *
 * <p>The users are built directly from role names; no authentication takes place in this test.
 */
@Test
public void testInvalidatePermissionsForAllRoles() {
    DataResource allData = DataResource.root();
    Set<Permission> expectedPermissions = allData.applicablePermissions();

    AuthenticatedUser userA = new AuthenticatedUser(ROLE_A.getRoleName());
    AuthenticatedUser userB = new AuthenticatedUser(ROLE_B.getRoleName());

    // Warm the cache with one lookup per role.
    userA.getPermissions(allData);
    userB.getPermissions(allData);
    long readsBeforeInvalidation = getRolePermissionsReadCount();

    // Ensure the permissions are cached: further lookups must not change the read count.
    assertThat(userA.getPermissions(allData)).isEqualTo(expectedPermissions);
    assertThat(userB.getPermissions(allData)).isEqualTo(expectedPermissions);
    assertThat(readsBeforeInvalidation).isEqualTo(getRolePermissionsReadCount());

    // Invalidate the cached permissions of both roles.
    ToolRunner.ToolResult nodetoolResult = ToolRunner.invokeNodetool("invalidatepermissionscache");
    nodetoolResult.assertOnCleanExit();
    assertThat(nodetoolResult.getStdout()).isEmpty();

    // Ensure the lookup for role A is served by a fresh read.
    assertThat(userA.getPermissions(allData)).isEqualTo(expectedPermissions);
    long readsAfterRoleA = getRolePermissionsReadCount();
    assertThat(readsBeforeInvalidation).isLessThan(readsAfterRoleA);

    // Ensure the lookup for role B adds a further read of its own.
    assertThat(userB.getPermissions(allData)).isEqualTo(expectedPermissions);
    long readsAfterRoleB = getRolePermissionsReadCount();
    assertThat(readsAfterRoleA).isLessThan(readsAfterRoleB);
}
Also used : ToolRunner(org.apache.cassandra.tools.ToolRunner) Permission(org.apache.cassandra.auth.Permission) DataResource(org.apache.cassandra.auth.DataResource) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) Test(org.junit.Test)

Example 15 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class InvalidatePermissionsCacheTest method assertInvalidation.

/**
 * Checks that {@code invalidatepermissionscache}, run for {@code ROLE_A} with the given extra
 * options, causes that role's permissions on the resource to be read again.
 *
 * @param resource resource whose applicable permissions the role is expected to hold
 * @param options nodetool arguments appended after the command name and the role name
 */
private void assertInvalidation(IResource resource, List<String> options) {
    Set<Permission> expectedPermissions = resource.applicablePermissions();
    AuthenticatedUser user = new AuthenticatedUser(ROLE_A.getRoleName());

    // Warm the cache with a first lookup.
    user.getPermissions(resource);
    long readsBeforeInvalidation = getRolePermissionsReadCount();

    // Ensure the permission is cached: a second lookup must not change the read count.
    assertThat(user.getPermissions(resource)).isEqualTo(expectedPermissions);
    assertThat(readsBeforeInvalidation).isEqualTo(getRolePermissionsReadCount());

    // Build the command line: command name, then the role, then the caller's options.
    List<String> nodetoolArgs = new ArrayList<>();
    nodetoolArgs.add("invalidatepermissionscache");
    nodetoolArgs.add(ROLE_A.getRoleName());
    nodetoolArgs.addAll(options);

    ToolRunner.ToolResult nodetoolResult = ToolRunner.invokeNodetool(nodetoolArgs);
    nodetoolResult.assertOnCleanExit();
    assertThat(nodetoolResult.getStdout()).isEmpty();

    // Ensure the next lookup is served by a fresh read.
    assertThat(user.getPermissions(resource)).isEqualTo(expectedPermissions);
    assertThat(readsBeforeInvalidation).isLessThan(getRolePermissionsReadCount());
}
Also used : ToolRunner(org.apache.cassandra.tools.ToolRunner) Permission(org.apache.cassandra.auth.Permission) ArrayList(java.util.ArrayList) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser)

Aggregations

AuthenticatedUser (org.apache.cassandra.auth.AuthenticatedUser)18 ToolRunner (org.apache.cassandra.tools.ToolRunner)8 Test (org.junit.Test)8 IResource (org.apache.cassandra.auth.IResource)3 Permission (org.apache.cassandra.auth.Permission)3 AuthenticationException (org.apache.cassandra.exceptions.AuthenticationException)3 IAuthenticator (org.apache.cassandra.auth.IAuthenticator)2 ResultMessage (org.apache.cassandra.transport.messages.ResultMessage)2 ImmutableSet (com.google.common.collect.ImmutableSet)1 ArrayList (java.util.ArrayList)1 Set (java.util.Set)1 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)1 AuthTestUtils (org.apache.cassandra.auth.AuthTestUtils)1 DataResource (org.apache.cassandra.auth.DataResource)1 DatabaseDescriptor (org.apache.cassandra.config.DatabaseDescriptor)1 CQLStatement (org.apache.cassandra.cql3.CQLStatement)1 QueryOptions (org.apache.cassandra.cql3.QueryOptions)1 InvalidRequestException (org.apache.cassandra.exceptions.InvalidRequestException)1 org.apache.cassandra.schema (org.apache.cassandra.schema)1 KeyspacesDiff (org.apache.cassandra.schema.Keyspaces.KeyspacesDiff)1