/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.cassandra.auth;
import java.util.Set;
import com.google.common.base.Objects;
import org.apache.cassandra.config.DatabaseDescriptor;
Returned from IAuthenticator#authenticate(), represents an authenticated user everywhere internally.
Holds the name of the user and the roles that have been granted to the user. The roles will be cached
for roles_validity_in_ms.
/**
* Returned from IAuthenticator#authenticate(), represents an authenticated user everywhere internally.
*
* Holds the name of the user and the roles that have been granted to the user. The roles will be cached
* for roles_validity_in_ms.
*/
public class AuthenticatedUser
{
public static final String SYSTEM_USERNAME = "system";
public static final AuthenticatedUser SYSTEM_USER = new AuthenticatedUser(SYSTEM_USERNAME);
public static final String ANONYMOUS_USERNAME = "anonymous";
public static final AuthenticatedUser ANONYMOUS_USER = new AuthenticatedUser(ANONYMOUS_USERNAME);
// User-level permissions cache.
private static final PermissionsCache permissionsCache = new PermissionsCache(DatabaseDescriptor.getAuthorizer());
private final String name;
// primary Role of the logged in user
private final RoleResource role;
public AuthenticatedUser(String name)
{
this.name = name;
this.role = RoleResource.role(name);
}
public String getName()
{
return name;
}
public RoleResource getPrimaryRole()
{
return role;
}
Checks the user's superuser status.
Only a superuser is allowed to perform CREATE USER and DROP USER queries.
Im most cased, though not necessarily, a superuser will have Permission.ALL on every resource
(depends on IAuthorizer implementation).
/**
* Checks the user's superuser status.
* Only a superuser is allowed to perform CREATE USER and DROP USER queries.
* Im most cased, though not necessarily, a superuser will have Permission.ALL on every resource
* (depends on IAuthorizer implementation).
*/
public boolean isSuper()
{
return !isAnonymous() && Roles.hasSuperuserStatus(role);
}
If IAuthenticator doesn't require authentication, this method may return true.
/**
* If IAuthenticator doesn't require authentication, this method may return true.
*/
public boolean isAnonymous()
{
return this == ANONYMOUS_USER;
}
Some internal operations are performed on behalf of Cassandra itself, in those cases
the system user should be used where an identity is required
see CreateRoleStatement#execute() and overrides of SchemaAlteringStatement#grantPermissionsToCreator()
/**
* Some internal operations are performed on behalf of Cassandra itself, in those cases
* the system user should be used where an identity is required
* see CreateRoleStatement#execute() and overrides of SchemaAlteringStatement#grantPermissionsToCreator()
*/
public boolean isSystem()
{
return this == SYSTEM_USER;
}
Get the roles that have been granted to the user via the IRoleManager
Returns: a list of roles that have been granted to the user
/**
* Get the roles that have been granted to the user via the IRoleManager
*
* @return a list of roles that have been granted to the user
*/
public Set<RoleResource> getRoles()
{
return Roles.getRoles(role);
}
public Set<Permission> getPermissions(IResource resource)
{
return permissionsCache.getPermissions(this, resource);
}
@Override
public String toString()
{
return String.format("#<User %s>", name);
}
@Override
public boolean equals(Object o)
{
if (this == o)
return true;
if (!(o instanceof AuthenticatedUser))
return false;
AuthenticatedUser u = (AuthenticatedUser) o;
return Objects.equal(name, u.name);
}
@Override
public int hashCode()
{
return Objects.hashCode(name);
}
}