Posted to commits@cassandra.apache.org by al...@apache.org on 2012/12/08 16:40:41 UTC
[4/10] Update IAuthenticator to match the new IAuthorizer;
patch by Aleksey Yeschenko, reviewed by Jonathan Ellis for
CASSANDRA-5003
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java
index 97d25dc..06c752f 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -28,15 +28,13 @@ import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.config.Schema;
import org.apache.cassandra.db.SystemTable;
import org.apache.cassandra.db.Table;
+import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.UnauthorizedException;
-import org.apache.cassandra.thrift.AuthenticationException;
import org.apache.cassandra.utils.SemanticVersion;
/**
* State related to a client connection.
- *
- * TODO: Kill thrift exceptions
*/
public class ClientState
{
@@ -57,12 +55,12 @@ public class ClientState
for (String cf : cfs)
READABLE_SYSTEM_RESOURCES.add(DataResource.columnFamily(Table.SYSTEM_KS, cf));
+ PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources());
PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources());
- // TODO: the same with IAuthenticator once it's done.
}
// Current user for the session
- private AuthenticatedUser user;
+ private volatile AuthenticatedUser user;
private String keyspace;
private SemanticVersion cqlVersion = DEFAULT_CQL_VERSION;
@@ -82,7 +80,8 @@ public class ClientState
public ClientState(boolean internalCall)
{
this.internalCall = internalCall;
- this.user = DatabaseDescriptor.getAuthenticator().defaultUser();
+ if (!DatabaseDescriptor.getAuthenticator().requireAuthentication())
+ this.user = AuthenticatedUser.ANONYMOUS_USER;
}
public String getRawKeyspace()
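Review bot: The constructor now leaves `user` null whenever `requireAuthentication()` is true, including for `internalCall == true`, and nothing documents that null means "not yet authenticated". The new public `getUser()` in the later hunk returns the field as-is, so callers can receive null on a connection that has not logged in. I would document this on the field, e.g. `// null until login() succeeds when the authenticator requires authentication`. I would also add `@return the session user, or null if authentication is required and login() has not succeeded` to `getUser()`. Whether internal-call states are expected to carry a null user cannot be told from this hunk and is worth confirming.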
@@ -107,9 +106,15 @@ public class ClientState
/**
* Attempts to login this client with the given credentials map.
*/
- public void login(Map<? extends CharSequence,? extends CharSequence> credentials) throws AuthenticationException
+ public void login(Map<String, String> credentials) throws AuthenticationException
{
- this.user = DatabaseDescriptor.getAuthenticator().authenticate(credentials);
+ AuthenticatedUser user = DatabaseDescriptor.getAuthenticator().authenticate(credentials);
+
+ if (!user.isAnonymous() && !Auth.isExistingUser(user.getName()))
+ throw new AuthenticationException(String.format("User %s doesn't exist - create it with CREATE USER query first",
+ user.getName()));
+
+ this.user = user;
}
public void hasAllKeyspacesAccess(Permission perm) throws UnauthorizedException, InvalidRequestException
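Review bot: `login()` dereferences the result of `authenticate()` at `user.isAnonymous()` without a null check, so an `IAuthenticator` implementation that returns null instead of throwing would surface as a NullPointerException rather than a clean authentication failure. The interface contract is not visible here; if it does not forbid null, add `if (user == null) throw new AuthenticationException("Authentication failed");` before the existence check. The local `user` also shadows the field of the same name, and a distinct name such as `authenticated` would make it obvious that `this.user` is assigned only after both checks pass. The Javadoc should state that the session user is left unchanged when the method throws.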
@@ -154,7 +159,7 @@ public class ClientState
return;
}
throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents",
- user.username,
+ user.getName(),
perm,
resource));
}
@@ -165,15 +170,17 @@ public class ClientState
throw new UnauthorizedException(keyspace + " keyspace is not user-modifiable.");
}
- public boolean isLogged()
+ public void validateLogin() throws UnauthorizedException
{
- return user != null;
+ if (user == null)
+ throw new UnauthorizedException("You have not logged in");
}
- private void validateLogin() throws InvalidRequestException
+ public void ensureNotAnonymous() throws UnauthorizedException
{
- if (user == null)
- throw new InvalidRequestException("You have not logged in");
+ validateLogin();
+ if (user.isAnonymous())
+ throw new UnauthorizedException("You have to be logged in to perform this query");
}
private static void validateKeyspace(String keyspace) throws InvalidRequestException
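Review bot: `validateLogin()` is now public but only rejects a null user, so it passes for `ANONYMOUS_USER`, and neither it nor `ensureNotAnonymous()` has Javadoc saying which one a caller needs. Since picking the wrong one lets an anonymous session through a check that was meant to require a real identity, I would document both. For `validateLogin()`: `/** Throws if no user (not even the anonymous one) is associated with this session. */`. For `ensureNotAnonymous()`: `/** Throws unless the session is logged in as a named, non-anonymous user. */`. The failure type also changed from InvalidRequestException to UnauthorizedException; callers are outside this hunk and should be checked for catch blocks that relied on the old type.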
@@ -214,6 +221,11 @@ public class ClientState
StringUtils.join(getCQLSupportedVersion(), ", ")));
}
+ public AuthenticatedUser getUser()
+ {
+ return user;
+ }
+
public SemanticVersion getCQLVersion()
{
return cqlVersion;
@@ -227,26 +239,8 @@ public class ClientState
return new SemanticVersion[]{ cql, cql3 };
}
- public Set<Permission> authorize(IResource resource)
+ private Set<Permission> authorize(IResource resource)
{
return DatabaseDescriptor.getAuthorizer().authorize(user, resource);
-
- }
- public void grantPermission(Set<Permission> permissions, IResource resource, String to)
- throws UnauthorizedException, InvalidRequestException
- {
- DatabaseDescriptor.getAuthorizer().grant(user, permissions, resource, to);
- }
-
- public void revokePermission(Set<Permission> permissions, IResource resource, String from)
- throws UnauthorizedException, InvalidRequestException
- {
- DatabaseDescriptor.getAuthorizer().revoke(user, permissions, resource, from);
- }
-
- public Set<PermissionDetails> listPermissions(Set<Permission> permissions, IResource resource, String of)
- throws UnauthorizedException, InvalidRequestException
- {
- return DatabaseDescriptor.getAuthorizer().listPermissions(user, permissions, resource, of);
}
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/thrift/CassandraServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java
index 4255742..49fda60 100644
--- a/src/java/org/apache/cassandra/thrift/CassandraServer.java
+++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java
@@ -1238,7 +1238,14 @@ public class CassandraServer implements Cassandra.Iface
public void login(AuthenticationRequest auth_request) throws AuthenticationException, AuthorizationException, TException
{
- state().login(auth_request.getCredentials());
+ try
+ {
+ state().login(auth_request.getCredentials());
+ }
+ catch (org.apache.cassandra.exceptions.AuthenticationException e)
+ {
+ throw ThriftConversion.toThrift(e);
+ }
}
/**
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/thrift/ThriftConversion.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/ThriftConversion.java b/src/java/org/apache/cassandra/thrift/ThriftConversion.java
index 3105acd..fe28743 100644
--- a/src/java/org/apache/cassandra/thrift/ThriftConversion.java
+++ b/src/java/org/apache/cassandra/thrift/ThriftConversion.java
@@ -83,6 +83,11 @@ public class ThriftConversion
return new UnavailableException();
}
+ public static AuthenticationException toThrift(org.apache.cassandra.exceptions.AuthenticationException e)
+ {
+ return new AuthenticationException(e.getMessage());
+ }
+
public static TimedOutException toThrift(RequestTimeoutException e)
{
TimedOutException toe = new TimedOutException();
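Review bot: The new `toThrift(AuthenticationException)` copies `e.getMessage()` verbatim into the exception that `CassandraServer.login` sends back to a client that has not authenticated yet. In this commit that text includes the "User %s doesn't exist" message from `ClientState.login`, and presumably whatever an `IAuthenticator` implementation puts in its own exceptions. I would add a Javadoc line stating that contract, e.g. `/** The message is returned to the unauthenticated client as-is; authenticators must not put internal detail in it. */`. The following `toThrift(RequestTimeoutException)` overload continues past the end of the hunk.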
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java b/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
index 9dc5366..db82844 100644
--- a/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
+++ b/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
@@ -23,11 +23,10 @@ import java.util.Map;
import org.jboss.netty.buffer.ChannelBuffer;
import org.jboss.netty.buffer.ChannelBuffers;
+import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.transport.CBUtil;
import org.apache.cassandra.transport.Message;
-import org.apache.cassandra.transport.ServerConnection;
-import org.apache.cassandra.thrift.AuthenticationException;
/**
* Message to indicate that the server is ready to receive requests.
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java b/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
index 56d002a..0751584 100644
--- a/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
+++ b/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
@@ -57,6 +57,9 @@ public class ErrorMessage extends Message.Response
case PROTOCOL_ERROR:
te = new ProtocolException(msg);
break;
+ case BAD_CREDENTIALS:
+ te = new AuthenticationException(msg);
+ break;
case UNAVAILABLE:
{
ConsistencyLevel cl = CBUtil.readConsistencyLevel(body);
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/StartupMessage.java b/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
index 7ef1504..7e32769 100644
--- a/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
+++ b/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
@@ -100,10 +100,10 @@ public class StartupMessage extends Message.Request
}
}
- if (cState.isLogged())
- return new ReadyMessage();
- else
+ if (DatabaseDescriptor.getAuthenticator().requireAuthentication())
return new AuthenticateMessage(DatabaseDescriptor.getAuthenticator().getClass().getName());
+ else
+ return new ReadyMessage();
}
@Override