From alek...@apache.org
Subject [4/10] Update IAuthenticator to match the new IAuthorizer; patch by Aleksey Yeschenko, reviewed by Jonathan Ellis for CASSANDRA-5003
Date Sat, 08 Dec 2012 15:40:41 GMT
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java
index 97d25dc..06c752f 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -28,15 +28,13 @@ import org.apache.cassandra.config.DatabaseDescriptor;
 import org.apache.cassandra.config.Schema;
 import org.apache.cassandra.db.SystemTable;
 import org.apache.cassandra.db.Table;
+import org.apache.cassandra.exceptions.AuthenticationException;
 import org.apache.cassandra.exceptions.InvalidRequestException;
 import org.apache.cassandra.exceptions.UnauthorizedException;
-import org.apache.cassandra.thrift.AuthenticationException;
 import org.apache.cassandra.utils.SemanticVersion;
 
 /**
  * State related to a client connection.
- *
- * TODO: Kill thrift exceptions
  */
 public class ClientState
 {
@@ -57,12 +55,12 @@ public class ClientState
         for (String cf : cfs)
             READABLE_SYSTEM_RESOURCES.add(DataResource.columnFamily(Table.SYSTEM_KS, cf));
 
+        PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources());
         PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources());
-        // TODO: the same with IAuthenticator once it's done.
     }
 
     // Current user for the session
-    private AuthenticatedUser user;
+    private volatile AuthenticatedUser user;
     private String keyspace;
 
     private SemanticVersion cqlVersion = DEFAULT_CQL_VERSION;
@@ -82,7 +80,8 @@ public class ClientState
     public ClientState(boolean internalCall)
     {
         this.internalCall = internalCall;
-        this.user = DatabaseDescriptor.getAuthenticator().defaultUser();
+        if (!DatabaseDescriptor.getAuthenticator().requireAuthentication())
+            this.user = AuthenticatedUser.ANONYMOUS_USER;
     }
 
     public String getRawKeyspace()
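Review bot: The constructor now leaves `user` null whenever requireAuthentication() is true, and nothing in the new code states that null means "not yet logged in". That same null is what validateLogin() tests and what the new public getUser() can return, so callers of getUser() have to know to null-check. I would extend the field comment in the previous hunk to `// Current user for the session; null until login() succeeds when the authenticator requires authentication` and add a Javadoc line on getUser() saying it may return null. The `internalCall` flag is not consulted here, so internal ClientStates also start with a null user in that configuration; whether that is intended cannot be told from this hunk.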
@@ -107,9 +106,15 @@ public class ClientState
     /**
      * Attempts to login this client with the given credentials map.
      */
-    public void login(Map<? extends CharSequence,? extends CharSequence> credentials)
throws AuthenticationException
+    public void login(Map<String, String> credentials) throws AuthenticationException
     {
-        this.user = DatabaseDescriptor.getAuthenticator().authenticate(credentials);
+        AuthenticatedUser user = DatabaseDescriptor.getAuthenticator().authenticate(credentials);
+
+        if (!user.isAnonymous() && !Auth.isExistingUser(user.getName()))
+           throw new AuthenticationException(String.format("User %s doesn't exist - create
it with CREATE USER query first",
+                                                           user.getName()));
+
+        this.user = user;
     }
 
     public void hasAllKeyspacesAccess(Permission perm) throws UnauthorizedException, InvalidRequestException
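Review bot: The Javadoc on login() still only says it attempts a login, while the method now also rejects a successfully authenticated, non-anonymous user that Auth.isExistingUser() does not know. That check runs once per login() call, so nothing visible here stops a session from keeping its AuthenticatedUser after the account is later dropped; whether per-request authorization covers that is outside the hunk. I would state both facts in the Javadoc and add an `@throws AuthenticationException` entry. Separately, authenticate() returning null would surface as a NullPointerException at `user.isAnonymous()` rather than an AuthenticationException, and the local `user` shadows the field, so a name such as `authenticated` would read more clearly.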
@@ -154,7 +159,7 @@ public class ClientState
                 return;
         }
         throw new UnauthorizedException(String.format("User %s has no %s permission on %s
or any of its parents",
-                                                      user.username,
+                                                      user.getName(),
                                                       perm,
                                                       resource));
     }
@@ -165,15 +170,17 @@ public class ClientState
             throw new UnauthorizedException(keyspace + " keyspace is not user-modifiable.");
     }
 
-    public boolean isLogged()
+    public void validateLogin() throws UnauthorizedException
     {
-        return user != null;
+        if (user == null)
+            throw new UnauthorizedException("You have not logged in");
     }
 
-    private void validateLogin() throws InvalidRequestException
+    public void ensureNotAnonymous() throws UnauthorizedException
     {
-        if (user == null)
-            throw new InvalidRequestException("You have not logged in");
+        validateLogin();
+        if (user.isAnonymous())
+            throw new UnauthorizedException("You have to be logged in to perform this query");
     }
 
     private static void validateKeyspace(String keyspace) throws InvalidRequestException
@@ -214,6 +221,11 @@ public class ClientState
                                                             StringUtils.join(getCQLSupportedVersion(),
", ")));
     }
 
+    public AuthenticatedUser getUser()
+    {
+        return user;
+    }
+
     public SemanticVersion getCQLVersion()
     {
         return cqlVersion;
@@ -227,26 +239,8 @@ public class ClientState
         return new SemanticVersion[]{ cql, cql3 };
     }
 
-    public Set<Permission> authorize(IResource resource)
+    private Set<Permission> authorize(IResource resource)
     {
         return DatabaseDescriptor.getAuthorizer().authorize(user, resource);
-
-    }
-    public void grantPermission(Set<Permission> permissions, IResource resource, String
to)
-    throws UnauthorizedException, InvalidRequestException
-    {
-        DatabaseDescriptor.getAuthorizer().grant(user, permissions, resource, to);
-    }
-
-    public void revokePermission(Set<Permission> permissions, IResource resource, String
from)
-    throws UnauthorizedException, InvalidRequestException
-    {
-        DatabaseDescriptor.getAuthorizer().revoke(user, permissions, resource, from);
-    }
-
-    public Set<PermissionDetails> listPermissions(Set<Permission> permissions,
IResource resource, String of)
-    throws UnauthorizedException, InvalidRequestException
-    {
-        return DatabaseDescriptor.getAuthorizer().listPermissions(user, permissions, resource,
of);
     }
 }

http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/thrift/CassandraServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java
index 4255742..49fda60 100644
--- a/src/java/org/apache/cassandra/thrift/CassandraServer.java
+++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java
@@ -1238,7 +1238,14 @@ public class CassandraServer implements Cassandra.Iface
 
     public void login(AuthenticationRequest auth_request) throws AuthenticationException,
AuthorizationException, TException
     {
-         state().login(auth_request.getCredentials());
+        try
+        {
+            state().login(auth_request.getCredentials());
+        }
+        catch (org.apache.cassandra.exceptions.AuthenticationException e)
+        {
+            throw ThriftConversion.toThrift(e);
+        }
     }
 
     /**
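Review bot: The new catch block converts the exception and rethrows it without recording the failure, so unless the IAuthenticator implementation logs on its own, a rejected Thrift login leaves no server-side trace for spotting repeated failed attempts. A single line before the rethrow would cover it, for example `logger.info("Thrift login failed: {}", e.getMessage());`, assuming the class has a logger field (not visible in this hunk). Only the checked AuthenticationException is translated; a runtime exception thrown by the authenticator still propagates unconverted.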

http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/thrift/ThriftConversion.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/ThriftConversion.java b/src/java/org/apache/cassandra/thrift/ThriftConversion.java
index 3105acd..fe28743 100644
--- a/src/java/org/apache/cassandra/thrift/ThriftConversion.java
+++ b/src/java/org/apache/cassandra/thrift/ThriftConversion.java
@@ -83,6 +83,11 @@ public class ThriftConversion
         return new UnavailableException();
     }
 
+    public static AuthenticationException toThrift(org.apache.cassandra.exceptions.AuthenticationException
e)
+    {
+        return new AuthenticationException(e.getMessage());
+    }
+
     public static TimedOutException toThrift(RequestTimeoutException e)
     {
         TimedOutException toe = new TimedOutException();
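Review bot: toThrift() copies `e.getMessage()` verbatim into the Thrift exception, so any text an IAuthenticator implementation or ClientState.login() puts in the message is sent to the connecting client before login has completed. In this commit that includes the user name and the "doesn't exist" hint built in login(). A Javadoc line on this overload, such as `/** The message is returned to the client as-is; keep authenticator messages free of internal detail. */`, would make that contract visible to authors of pluggable authenticators.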

http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java b/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
index 9dc5366..db82844 100644
--- a/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
+++ b/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java
@@ -23,11 +23,10 @@ import java.util.Map;
 import org.jboss.netty.buffer.ChannelBuffer;
 import org.jboss.netty.buffer.ChannelBuffers;
 
+import org.apache.cassandra.exceptions.AuthenticationException;
 import org.apache.cassandra.service.QueryState;
 import org.apache.cassandra.transport.CBUtil;
 import org.apache.cassandra.transport.Message;
-import org.apache.cassandra.transport.ServerConnection;
-import org.apache.cassandra.thrift.AuthenticationException;
 
 /**
  * Message to indicate that the server is ready to receive requests.

http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java b/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
index 56d002a..0751584 100644
--- a/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
+++ b/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java
@@ -57,6 +57,9 @@ public class ErrorMessage extends Message.Response
                 case PROTOCOL_ERROR:
                     te = new ProtocolException(msg);
                     break;
+                case BAD_CREDENTIALS:
+                    te = new AuthenticationException(msg);
+                    break;
                 case UNAVAILABLE:
                     {
                         ConsistencyLevel cl = CBUtil.readConsistencyLevel(body);

http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/StartupMessage.java b/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
index 7ef1504..7e32769 100644
--- a/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
+++ b/src/java/org/apache/cassandra/transport/messages/StartupMessage.java
@@ -100,10 +100,10 @@ public class StartupMessage extends Message.Request
             }
         }
 
-        if (cState.isLogged())
-            return new ReadyMessage();
-        else
+        if (DatabaseDescriptor.getAuthenticator().requireAuthentication())
             return new AuthenticateMessage(DatabaseDescriptor.getAuthenticator().getClass().getName());
+        else
+            return new ReadyMessage();
     }
 
     @Override

