cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Ellis <jbel...@gmail.com>
Subject Re: bandwidth limiting Cassandra's replication and access control
Date Tue, 10 Nov 2009 23:09:44 GMT
2009/11/10 Ted Zlatanov <tzz@lifelogs.com>:
> (BTW, I use Eclipse for Java development, is there a way to run the Ant
> tasks automatically to rebuild the generated source if necessary?  It
> works fine otherwise.)

Someone who uses eclipse want to chime in here?

>From IDEA I just use ant on the command line.

> I see all the methods implementing the server interface in
> org.apache.cassandra.service.CassandraServer.  Is that where the
> authentication should happen?  Should I use JAAS (LDAP+PAM+other
> backends) or is there something else preferred?

Right, CassandraServer is the first non-generated stop for Thrift connections.

JAAS looks like the standard java way to do this sort of thing, which
makes me a little suspicious. :)  But if you're already familiar with
that, let's run with it.

> Does libThrift allow persistent state per client somehow or do I have to
> implement my own security tokens?  I don't see a way to track the client
> in any of the Cassandra services currently so I suspect libThrift is
> stateless on its own.

Yes.  Since we're using the thrift threaded server, setting up a
threadlocal from a login method and leaving the other methods alone
would be my preferred approach.

Ultimately what I'd like is to have a client authenticate to a
specific keyspace.  Then we'd drop the keyspace argument from the
other methods.

-Jonathan

Mime
View raw message