You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by br...@apache.org on 2013/10/08 12:08:04 UTC
[3/7] git commit: Optimize auth setup
Optimize auth setup
patch by Aleksey Yeschenko; reviewed by Jonathan Ellis for
CASSANDRA-6122
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/6a543407
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/6a543407
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/6a543407
Branch: refs/heads/trunk
Commit: 6a543407835fd40f007a9210d1f837d621d446c7
Parents: bdb7bb1
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Tue Oct 8 15:40:49 2013 +0800
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Tue Oct 8 15:40:49 2013 +0800
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/auth/Auth.java | 11 ++++++++++-
.../apache/cassandra/auth/PasswordAuthenticator.java | 12 ++++++++++--
3 files changed, 21 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/6a543407/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 6cbfa14..35bd832 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -14,6 +14,7 @@
* Fix memtable flushing for indexed tables (CASSANDRA-6112)
* Fix skipping columns with multiple slices (CASSANDRA-6119)
* Expose connected thrift + native client counts (CASSANDRA-5084)
+ * Optimize auth setup (CASSANDRA-6122)
1.2.10
http://git-wip-us.apache.org/repos/asf/cassandra/blob/6a543407/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Auth.java b/src/java/org/apache/cassandra/auth/Auth.java
index c9a42a2..e09514e 100644
--- a/src/java/org/apache/cassandra/auth/Auth.java
+++ b/src/java/org/apache/cassandra/auth/Auth.java
@@ -206,7 +206,7 @@ public class Auth
try
{
// insert a default superuser if AUTH_KS.USERS_CF is empty.
- if (QueryProcessor.process(String.format("SELECT * FROM %s.%s", AUTH_KS, USERS_CF), ConsistencyLevel.QUORUM).isEmpty())
+ if (!hasExistingUsers())
{
QueryProcessor.process(String.format("INSERT INTO %s.%s (name, super) VALUES ('%s', %s) USING TIMESTAMP 0",
AUTH_KS,
@@ -223,6 +223,15 @@ public class Auth
}
}
+ private static boolean hasExistingUsers() throws RequestExecutionException
+ {
+ // Try looking up the 'cassandra' default super user first, to avoid the range query if possible.
+ String defaultSUQuery = String.format("SELECT * FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, DEFAULT_SUPERUSER_NAME);
+ String allUsersQuery = String.format("SELECT * FROM %s.%s LIMIT 1", AUTH_KS, USERS_CF);
+ return !QueryProcessor.process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty()
+ || !QueryProcessor.process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty();
+ }
+
// we only worry about one character ('). Make sure it's properly escaped.
private static String escape(String name)
{
http://git-wip-us.apache.org/repos/asf/cassandra/blob/6a543407/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index bcbdd29..2c2e227 100644
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@ -216,8 +216,8 @@ public class PasswordAuthenticator implements IAuthenticator
{
try
{
- // insert a default superuser if AUTH_KS.CREDENTIALS_CF is empty.
- if (process(String.format("SELECT * FROM %s.%s", Auth.AUTH_KS, CREDENTIALS_CF), ConsistencyLevel.QUORUM).isEmpty())
+ // insert the default superuser if AUTH_KS.CREDENTIALS_CF is empty.
+ if (!hasExistingUsers())
{
process(String.format("INSERT INTO %s.%s (username, salted_hash) VALUES ('%s', '%s') USING TIMESTAMP 0",
Auth.AUTH_KS,
@@ -234,6 +234,14 @@ public class PasswordAuthenticator implements IAuthenticator
}
}
+ private static boolean hasExistingUsers() throws RequestExecutionException
+ {
+ // Try looking up the 'cassandra' default user first, to avoid the range query if possible.
+ String defaultSUQuery = String.format("SELECT * FROM %s.%s WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF, DEFAULT_USER_NAME);
+ String allUsersQuery = String.format("SELECT * FROM %s.%s LIMIT 1", Auth.AUTH_KS, CREDENTIALS_CF);
+ return !process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty() || !process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty();
+ }
+
private static String hashpw(String password)
{
return BCrypt.hashpw(password, BCrypt.gensalt(GENSALT_LOG2_ROUNDS));