You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by br...@apache.org on 2013/10/08 12:08:05 UTC

[4/7] git commit: Optimize auth setup

Optimize auth setup

patch by Aleksey Yeschenko; reviewed by Jonathan Ellis for
CASSANDRA-6122


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/6a543407
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/6a543407
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/6a543407

Branch: refs/heads/cassandra-2.0
Commit: 6a543407835fd40f007a9210d1f837d621d446c7
Parents: bdb7bb1
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Tue Oct 8 15:40:49 2013 +0800
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Tue Oct 8 15:40:49 2013 +0800

----------------------------------------------------------------------
 CHANGES.txt                                             |  1 +
 src/java/org/apache/cassandra/auth/Auth.java            | 11 ++++++++++-
 .../apache/cassandra/auth/PasswordAuthenticator.java    | 12 ++++++++++--
 3 files changed, 21 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/6a543407/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 6cbfa14..35bd832 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -14,6 +14,7 @@
  * Fix memtable flushing for indexed tables (CASSANDRA-6112)
  * Fix skipping columns with multiple slices (CASSANDRA-6119)
  * Expose connected thrift + native client counts (CASSANDRA-5084)
+ * Optimize auth setup (CASSANDRA-6122)
 
 
 1.2.10

http://git-wip-us.apache.org/repos/asf/cassandra/blob/6a543407/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Auth.java b/src/java/org/apache/cassandra/auth/Auth.java
index c9a42a2..e09514e 100644
--- a/src/java/org/apache/cassandra/auth/Auth.java
+++ b/src/java/org/apache/cassandra/auth/Auth.java
@@ -206,7 +206,7 @@ public class Auth
         try
         {
             // insert a default superuser if AUTH_KS.USERS_CF is empty.
-            if (QueryProcessor.process(String.format("SELECT * FROM %s.%s", AUTH_KS, USERS_CF), ConsistencyLevel.QUORUM).isEmpty())
+            if (!hasExistingUsers())
             {
                 QueryProcessor.process(String.format("INSERT INTO %s.%s (name, super) VALUES ('%s', %s) USING TIMESTAMP 0",
                                                      AUTH_KS,
@@ -223,6 +223,15 @@ public class Auth
         }
     }
 
+    private static boolean hasExistingUsers() throws RequestExecutionException
+    {
+        // Try looking up the 'cassandra' default super user first, to avoid the range query if possible.
+        String defaultSUQuery = String.format("SELECT * FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, DEFAULT_SUPERUSER_NAME);
+        String allUsersQuery = String.format("SELECT * FROM %s.%s LIMIT 1", AUTH_KS, USERS_CF);
+        return !QueryProcessor.process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty()
+            || !QueryProcessor.process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty();
+    }
+
     // we only worry about one character ('). Make sure it's properly escaped.
     private static String escape(String name)
     {

http://git-wip-us.apache.org/repos/asf/cassandra/blob/6a543407/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index bcbdd29..2c2e227 100644
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@ -216,8 +216,8 @@ public class PasswordAuthenticator implements IAuthenticator
     {
         try
         {
-            // insert a default superuser if AUTH_KS.CREDENTIALS_CF is empty.
-            if (process(String.format("SELECT * FROM %s.%s", Auth.AUTH_KS, CREDENTIALS_CF), ConsistencyLevel.QUORUM).isEmpty())
+            // insert the default superuser if AUTH_KS.CREDENTIALS_CF is empty.
+            if (!hasExistingUsers())
             {
                 process(String.format("INSERT INTO %s.%s (username, salted_hash) VALUES ('%s', '%s') USING TIMESTAMP 0",
                                       Auth.AUTH_KS,
@@ -234,6 +234,14 @@ public class PasswordAuthenticator implements IAuthenticator
         }
     }
 
+    private static boolean hasExistingUsers() throws RequestExecutionException
+    {
+        // Try looking up the 'cassandra' default user first, to avoid the range query if possible.
+        String defaultSUQuery = String.format("SELECT * FROM %s.%s WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF, DEFAULT_USER_NAME);
+        String allUsersQuery = String.format("SELECT * FROM %s.%s LIMIT 1", Auth.AUTH_KS, CREDENTIALS_CF);
+        return !process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty() || !process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty();
+    }
+
     private static String hashpw(String password)
     {
         return BCrypt.hashpw(password, BCrypt.gensalt(GENSALT_LOG2_ROUNDS));