If the processes are launched separately or you fork before setting up the cluster object it won't share credentials.
On Wed, Feb 8, 2017, 02:33 Yuji Ito <y...@imagine-orb.com> wrote: > Thanks Ben, > > Do you mean lots of instances of the process or lots of instances of the > cluster/session object? > > > Lots of instances of the process are generated. > I wanted to confirm that `other` doesn't authenticate. > > If I want to avoid that, my application has to create new cluster/session > objects per instance. > But it is inefficient and uncommon. > So, we aren't sure that the application works when a lot of > cluster/session objects are created. > Is it correct? > > Thank you, > Yuji > > > > On Wed, Feb 8, 2017 at 12:01 PM, Ben Bromhead <b...@instaclustr.com> wrote: > > On Tue, 7 Feb 2017 at 17:52 Yuji Ito <y...@imagine-orb.com> wrote: > > Thanks Andrew, Ben, > > My application creates a lot of instances connecting to Cassandra with > basically the same set of credentials. > > Do you mean lots of instances of the process or lots of instances of the > cluster/session object? > > > After an instance connects to Cassandra with the credentials, can any > instance connect to Cassandra without credentials? > > As long as you don't share the session or cluster objects. Each new > cluster/session will need to reauthenticate. > > > == example == > A first = new A("database", "user", "password"); // proper credentials > r = first.get(); > ... > A other = new A("database", "user", "pass"); // wrong password > r = other.get(); > == example == > > I want to refuse the `other` instance with improper credentials. > > > This looks like you are creating new cluster/session objects (filling in > the blanks for your pseudocode here). So "other" will not authenticate to > Cassandra. > > This brings up a wider point of why you are doing this? Generally most > applications will create a single longed lived session object that lasts > the life of the application process. > > I would not rely on Cassandra auth to authenticate downstream actors, not > because it's bad, just its generally inefficient to create lots of session > objects. The session object maintains a connection pool, pipelines > requests, is thread safe and generally pretty solid. > > > > > Yuji > > > On Wed, Feb 8, 2017 at 4:11 AM, Ben Bromhead <b...@instaclustr.com> wrote: > > What are you specifically trying to achieve? Are you trying to > authenticate multiple Cassandra users from a single application instance? > Or will your have lot's of application instances connecting to Cassandra > using the same set of credentials? Or a combination of both? Multiple > application instances with different credentials? > > On Tue, 7 Feb 2017 at 06:19 Andrew Tolbert <andrew.tolb...@datastax.com> > wrote: > > Hello, > > The API seems kind of not correct because credentials should be > usually set with a session but actually they are set with a cluster. > > > With the datastax driver, Session is what manages connection pools to > each node. Cluster manages configuration and a separate connection > ('control connection') to subscribe to state changes (schema changes, node > topology changes, node up/down events). > > > So, if there are 1000 clients, then with this API it has to create > 1000 cluster instances ? > > > I'm unsure how common it is for per-user authentication to be done when > connecting to the database. I think an application would normally > authenticate with one set of credentials instead of multiple. The protocol > Cassandra uses does authentication at the connection level instead of at > the request level, so that is currently a limitation to support something > like reusing Sessions for authenticating multiple users. > > Thanks, > Andy > > > On Tue, Feb 7, 2017 at 7:19 AM Hiroyuki Yamada <mogwa...@gmail.com> wrote: > > Hi, > > The API seems kind of not correct because credentials should be > usually set with a session but actually they are set with a cluster. > > So, if there are 1000 clients, then with this API it has to create > 1000 cluster instances ? > 1000 clients seems usual if there are many nodes (say 20) and each > node has some concurrency (say 50), > but 1000 cluster instances seems too many. > > Is this an expected way to do this ? or > Is there any way to authenticate per session ? > > Thanks, > Hiro > > On Tue, Feb 7, 2017 at 11:38 AM, Yuji Ito <y...@imagine-orb.com> wrote: > > Hi all, > > > > I want to know how to authenticate Cassandra users for multiple instances > > with Java driver. > > For instance, each thread creates a instance to access Cassandra with > > authentication. > > > > As the implementation example, only the first constructor builds a > cluster > > and a session. > > Other constructors use them. > > This example is implemented according to the datastax document: > "Basically > > you will want to share the same cluster and session instances across your > > application". > > > http://www.datastax.com/dev/blog/4-simple-rules-when-using-the-datastax-drivers-for-cassandra > > > > However, other constructors don't authenticate the user and the password. > > That's because they don't need to build a cluster and a session. > > > > So, should I create a cluster and a session per instance for the > > authentication? > > If yes, can I create a lot of instances(clusters and sessions) to access > C* > > concurrently? > > > > == example == > > public class A { > > private static Cluster cluster = null; > > private static Map<String, Session> sessions = null; > > private Session session; > > > > public A (String keyspace, String user, String password) { > > if (cluster == null) { > > builder = Cluster.builder(); > > ... > > builder = builder.withCredentials(user, password); > > cluster = builder.build(); > > } > > session = sessions.get(keyspace); > > if (session == null) { > > session = cluster.connection(keyspace); > > sessions.put(keyspace, session) > > } > > ... > > } > > ... > > public ResultSet update(...) { > > ... > > public ResultSet get(...) { > > ... > > } > > == example == > > > > Thanks, > > Yuji > > -- > Ben Bromhead > CTO | Instaclustr <https://www.instaclustr.com/> > +1 650 284 9692 <(650)%20284-9692> > Managed Cassandra / Spark on AWS, Azure and Softlayer > > > -- > Ben Bromhead > CTO | Instaclustr <https://www.instaclustr.com/> > +1 650 284 9692 <(650)%20284-9692> > Managed Cassandra / Spark on AWS, Azure and Softlayer > > > -- Ben Bromhead CTO | Instaclustr <https://www.instaclustr.com/> +1 650 284 9692 Managed Cassandra / Spark on AWS, Azure and Softlayer