http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/service/ClientState.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java index 97d25dc..06c752f 100644 --- a/src/java/org/apache/cassandra/service/ClientState.java +++ b/src/java/org/apache/cassandra/service/ClientState.java @@ -28,15 +28,13 @@ import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.config.Schema; import org.apache.cassandra.db.SystemTable; import org.apache.cassandra.db.Table; +import org.apache.cassandra.exceptions.AuthenticationException; import org.apache.cassandra.exceptions.InvalidRequestException; import org.apache.cassandra.exceptions.UnauthorizedException; -import org.apache.cassandra.thrift.AuthenticationException; import org.apache.cassandra.utils.SemanticVersion; /** * State related to a client connection. - * - * TODO: Kill thrift exceptions */ public class ClientState { @@ -57,12 +55,12 @@ public class ClientState for (String cf : cfs) READABLE_SYSTEM_RESOURCES.add(DataResource.columnFamily(Table.SYSTEM_KS, cf)); + PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources()); PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources()); - // TODO: the same with IAuthenticator once it's done. } // Current user for the session - private AuthenticatedUser user; + private volatile AuthenticatedUser user; private String keyspace; private SemanticVersion cqlVersion = DEFAULT_CQL_VERSION; @@ -82,7 +80,8 @@ public class ClientState public ClientState(boolean internalCall) { this.internalCall = internalCall; - this.user = DatabaseDescriptor.getAuthenticator().defaultUser(); + if (!DatabaseDescriptor.getAuthenticator().requireAuthentication()) + this.user = AuthenticatedUser.ANONYMOUS_USER; } public String getRawKeyspace() @@ -107,9 +106,15 @@ public class ClientState /** * Attempts to login this client with the given credentials map. */ - public void login(Map<? extends CharSequence,? extends CharSequence> credentials) throws AuthenticationException + public void login(Map<String, String> credentials) throws AuthenticationException { - this.user = DatabaseDescriptor.getAuthenticator().authenticate(credentials); + AuthenticatedUser user = DatabaseDescriptor.getAuthenticator().authenticate(credentials); + + if (!user.isAnonymous() && !Auth.isExistingUser(user.getName())) + throw new AuthenticationException(String.format("User %s doesn't exist - create it with CREATE USER query first", + user.getName())); + + this.user = user; } public void hasAllKeyspacesAccess(Permission perm) throws UnauthorizedException, InvalidRequestException @@ -154,7 +159,7 @@ public class ClientState return; } throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents", - user.username, + user.getName(), perm, resource)); } @@ -165,15 +170,17 @@ public class ClientState throw new UnauthorizedException(keyspace + " keyspace is not user-modifiable."); } - public boolean isLogged() + public void validateLogin() throws UnauthorizedException { - return user != null; + if (user == null) + throw new UnauthorizedException("You have not logged in"); } - private void validateLogin() throws InvalidRequestException + public void ensureNotAnonymous() throws UnauthorizedException { - if (user == null) - throw new InvalidRequestException("You have not logged in"); + validateLogin(); + if (user.isAnonymous()) + throw new UnauthorizedException("You have to be logged in to perform this query"); } private static void validateKeyspace(String keyspace) throws InvalidRequestException @@ -214,6 +221,11 @@ public class ClientState StringUtils.join(getCQLSupportedVersion(), ", "))); } + public AuthenticatedUser getUser() + { + return user; + } + public SemanticVersion getCQLVersion() { return cqlVersion; @@ -227,26 +239,8 @@ public class ClientState return new SemanticVersion[]{ cql, cql3 }; } - public Set<Permission> authorize(IResource resource) + private Set<Permission> authorize(IResource resource) { return DatabaseDescriptor.getAuthorizer().authorize(user, resource); - - } - public void grantPermission(Set<Permission> permissions, IResource resource, String to) - throws UnauthorizedException, InvalidRequestException - { - DatabaseDescriptor.getAuthorizer().grant(user, permissions, resource, to); - } - - public void revokePermission(Set<Permission> permissions, IResource resource, String from) - throws UnauthorizedException, InvalidRequestException - { - DatabaseDescriptor.getAuthorizer().revoke(user, permissions, resource, from); - } - - public Set<PermissionDetails> listPermissions(Set<Permission> permissions, IResource resource, String of) - throws UnauthorizedException, InvalidRequestException - { - return DatabaseDescriptor.getAuthorizer().listPermissions(user, permissions, resource, of); } }
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/thrift/CassandraServer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java index 4255742..49fda60 100644 --- a/src/java/org/apache/cassandra/thrift/CassandraServer.java +++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java @@ -1238,7 +1238,14 @@ public class CassandraServer implements Cassandra.Iface public void login(AuthenticationRequest auth_request) throws AuthenticationException, AuthorizationException, TException { - state().login(auth_request.getCredentials()); + try + { + state().login(auth_request.getCredentials()); + } + catch (org.apache.cassandra.exceptions.AuthenticationException e) + { + throw ThriftConversion.toThrift(e); + } } /** http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/thrift/ThriftConversion.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/thrift/ThriftConversion.java b/src/java/org/apache/cassandra/thrift/ThriftConversion.java index 3105acd..fe28743 100644 --- a/src/java/org/apache/cassandra/thrift/ThriftConversion.java +++ b/src/java/org/apache/cassandra/thrift/ThriftConversion.java @@ -83,6 +83,11 @@ public class ThriftConversion return new UnavailableException(); } + public static AuthenticationException toThrift(org.apache.cassandra.exceptions.AuthenticationException e) + { + return new AuthenticationException(e.getMessage()); + } + public static TimedOutException toThrift(RequestTimeoutException e) { TimedOutException toe = new TimedOutException(); http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java b/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java index 9dc5366..db82844 100644 --- a/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java +++ b/src/java/org/apache/cassandra/transport/messages/CredentialsMessage.java @@ -23,11 +23,10 @@ import java.util.Map; import org.jboss.netty.buffer.ChannelBuffer; import org.jboss.netty.buffer.ChannelBuffers; +import org.apache.cassandra.exceptions.AuthenticationException; import org.apache.cassandra.service.QueryState; import org.apache.cassandra.transport.CBUtil; import org.apache.cassandra.transport.Message; -import org.apache.cassandra.transport.ServerConnection; -import org.apache.cassandra.thrift.AuthenticationException; /** * Message to indicate that the server is ready to receive requests. http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java b/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java index 56d002a..0751584 100644 --- a/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java +++ b/src/java/org/apache/cassandra/transport/messages/ErrorMessage.java @@ -57,6 +57,9 @@ public class ErrorMessage extends Message.Response case PROTOCOL_ERROR: te = new ProtocolException(msg); break; + case BAD_CREDENTIALS: + te = new AuthenticationException(msg); + break; case UNAVAILABLE: { ConsistencyLevel cl = CBUtil.readConsistencyLevel(body); http://git-wip-us.apache.org/repos/asf/cassandra/blob/bddfa9e1/src/java/org/apache/cassandra/transport/messages/StartupMessage.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/transport/messages/StartupMessage.java b/src/java/org/apache/cassandra/transport/messages/StartupMessage.java index 7ef1504..7e32769 100644 --- a/src/java/org/apache/cassandra/transport/messages/StartupMessage.java +++ b/src/java/org/apache/cassandra/transport/messages/StartupMessage.java @@ -100,10 +100,10 @@ public class StartupMessage extends Message.Request } } - if (cState.isLogged()) - return new ReadyMessage(); - else + if (DatabaseDescriptor.getAuthenticator().requireAuthentication()) return new AuthenticateMessage(DatabaseDescriptor.getAuthenticator().getClass().getName()); + else + return new ReadyMessage(); } @Override
