/**
 * Reports whether this user holds superuser status.
 * Only a superuser is allowed to perform CREATE USER and DROP USER queries.
 * In most cases, though not necessarily, a superuser will have Permission.ALL on every resource
 * (depends on IAuthorizer implementation).
 *
 * @return {@code true} only when the user is not anonymous and
 *         {@code Roles.hasSuperuserStatus(role)} reports superuser status
 */
public boolean isSuper()
{
    // An anonymous user is never treated as a superuser; the role lookup is skipped for it.
    if (isAnonymous())
        return false;

    return Roles.hasSuperuserStatus(role);
}
/**
 * Checks the user's superuser status.
 * Only a superuser is allowed to perform CREATE USER and DROP USER queries.
 * In most cases, though not necessarily, a superuser will have Permission.ALL on every resource
 * (depends on IAuthorizer implementation).
 *
 * @return {@code false} for an anonymous user; otherwise the result of
 *         {@code Roles.hasSuperuserStatus(role)}
 */
public boolean isSuper()
{
    // The anonymity test comes first, so an anonymous user never reaches the role check.
    final boolean anonymous = isAnonymous();
    return anonymous ? false : Roles.hasSuperuserStatus(role);
}
/**
 * Tells whether this user is a superuser.
 * Only a superuser is allowed to perform CREATE USER and DROP USER queries.
 * In most cases, though not necessarily, a superuser will have Permission.ALL on every resource
 * (depends on IAuthorizer implementation).
 *
 * @return {@code true} if the user is not anonymous and its role has superuser status
 *         according to {@code Roles.hasSuperuserStatus(role)}
 */
public boolean isSuper()
{
    if (!isAnonymous())
    {
        // Only a non-anonymous user has its role consulted.
        return Roles.hasSuperuserStatus(role);
    }
    return false;
}
/**
 * Reports whether this user holds superuser status.
 * Only a superuser is allowed to perform CREATE USER and DROP USER queries.
 * In most cases, though not necessarily, a superuser will have Permission.ALL on every resource
 * (depends on IAuthorizer implementation).
 *
 * @return {@code true} only when the user is not anonymous and
 *         {@code Auth.isSuperuser(name)} returns {@code true}
 */
public boolean isSuper()
{
    // An anonymous user is never treated as a superuser; the lookup by name is skipped for it.
    if (isAnonymous())
        return false;

    return Auth.isSuperuser(name);
}
/**
 * Rejects the request when the current user is anonymous.
 * {@code validateLogin()} runs first, so whatever it checks is enforced before the anonymity test.
 *
 * @throws UnauthorizedException if the current user is anonymous
 *         (validateLogin() may throw as well; its body is not shown here)
 */
public void ensureNotAnonymous() throws UnauthorizedException
{
    validateLogin();

    final boolean anonymous = user.isAnonymous();
    if (anonymous)
    {
        throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
    }
}
/**
 * Guard for operations that require a named (non-anonymous) user.
 *
 * @throws UnauthorizedException if the current user is anonymous
 *         (validateLogin(), called first, may throw as well; its body is not shown here)
 */
public void ensureNotAnonymous() throws UnauthorizedException
{
    validateLogin();

    // A named user passes straight through; only the anonymous user is refused.
    if (!user.isAnonymous())
        return;

    throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
}
/**
 * Ensures the current user is not anonymous before a request proceeds.
 * The login validation is performed before the anonymity check.
 *
 * @throws UnauthorizedException if the current user is anonymous
 */
public void ensureNotAnonymous() throws UnauthorizedException
{
    validateLogin();
    if (user.isAnonymous())
    {
        // Same refusal for every anonymous caller; the message carries no user-specific data.
        final String reason = "You have to be logged in and not anonymous to perform this request";
        throw new UnauthorizedException(reason);
    }
}
/**
 * Refuses the request unless the current user is a named (non-anonymous) one.
 *
 * @throws UnauthorizedException if the current user is anonymous
 *         (validateLogin(), called first, may throw as well; its body is not shown here)
 */
public void ensureNotAnonymous() throws UnauthorizedException
{
    // Order matters: the login validation must run before the user is inspected.
    validateLogin();

    boolean named = !user.isAnonymous();
    if (!named)
        throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
}
/**
 * Attempts to log in the given user.
 * An anonymous user is accepted without any lookup; a named user must be known to
 * {@code Auth.isExistingUser}.
 *
 * @param user the already-authenticated user to attach to this state
 * @throws AuthenticationException if the user is not anonymous and does not exist
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // Short-circuit keeps the existence lookup from running for the anonymous user.
    final boolean accepted = user.isAnonymous() || Auth.isExistingUser(user.getName());
    if (!accepted)
    {
        throw new AuthenticationException(String.format("User %s doesn't exist - create it with CREATE USER query first",
                                                        user.getName()));
    }

    this.user = user;
}
/**
 * Attempts to log in the given user.
 * An anonymous user is accepted without consulting the role manager; any other user is
 * accepted only if its primary role has the login privilege.
 *
 * @param user the already-authenticated user to attach to this state
 * @throws AuthenticationException if the user is not anonymous and its primary role may not log in
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // Login privilege is not inherited via granted roles, so only the role whose
    // credentials were actually supplied (the primary role) is checked.
    final boolean permitted = user.isAnonymous()
                              || DatabaseDescriptor.getRoleManager().canLogin(user.getPrimaryRole());
    if (!permitted)
        throw new AuthenticationException(String.format("%s is not permitted to log in", user.getName()));

    this.user = user;
}
/**
 * Attempts to log in the given user.
 *
 * @param user the already-authenticated user to attach to this state
 * @throws AuthenticationException if the user is not anonymous and its primary role
 *         is refused by the role manager's {@code canLogin}
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // The anonymous user bypasses the LOGIN check entirely.
    // NOTE(review): whether an anonymous user can reach this point depends on the
    // configured authenticator, which is not visible here.
    if (user.isAnonymous())
    {
        this.user = user;
        return;
    }

    // Login privilege is not inherited via granted roles, so just verify that the role
    // with the credentials that were actually supplied has it.
    if (!DatabaseDescriptor.getRoleManager().canLogin(user.getPrimaryRole()))
        throw new AuthenticationException(String.format("%s is not permitted to log in", user.getName()));

    this.user = user;
}
/**
 * Attempts to log in the given user.
 * The user is stored on this state only after the check below has passed.
 *
 * @param user the already-authenticated user to attach to this state
 * @throws AuthenticationException if a non-anonymous user's primary role lacks the login privilege
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // Login privilege is not inherited via granted roles, so it is the primary role
    // (the one whose credentials were supplied) that must hold it.
    if (!user.isAnonymous() && !DatabaseDescriptor.getRoleManager().canLogin(user.getPrimaryRole()))
    {
        final String refusal = String.format("%s is not permitted to log in", user.getName());
        throw new AuthenticationException(refusal);
    }

    this.user = user;
}
/**
 * Authenticates the supplied username/password through the configured IAuthenticator.
 * The attempt is refused while server auth setup is incomplete, for anonymous or system
 * users, and for users whose primary role lacks the LOGIN privilege.
 *
 * @throws AuthenticationException on any of the refusals above
 *         (legacyAuthenticate may throw as well; its body is not shown here)
 */
private void authenticate()
{
    if (!StorageService.instance.isAuthSetupComplete())
        throw new AuthenticationException("Cannot login as server authentication setup is not yet completed");

    IAuthenticator auth = DatabaseDescriptor.getAuthenticator();

    // NOTE(review): String.valueOf(password) copies the secret into an immutable String that
    // cannot be wiped afterwards - presumably password is a char[]; confirm against the field.
    Map<String, String> creds = new HashMap<>();
    creds.put(PasswordAuthenticator.USERNAME_KEY, username);
    creds.put(PasswordAuthenticator.PASSWORD_KEY, String.valueOf(password));

    AuthenticatedUser principal = auth.legacyAuthenticate(creds);

    // Only actual users should be allowed to authenticate for JMX
    final boolean notARealUser = principal.isAnonymous() || principal.isSystem();
    if (notARealUser)
        throw new AuthenticationException(String.format("Invalid user %s", principal.getName()));

    // The LOGIN privilege is required to authenticate - c.f. ClientState::login
    final boolean mayLogin = DatabaseDescriptor.getRoleManager().canLogin(principal.getPrimaryRole());
    if (!mayLogin)
        throw new AuthenticationException(principal.getName() + " is not permitted to log in");
}
/**
 * Verifies the stored username and password against the configured IAuthenticator
 * and applies the extra checks described inline.
 *
 * @throws AuthenticationException if auth setup is not complete, the authenticated user is
 *         anonymous or a system user, or its primary role is not allowed to log in
 */
private void authenticate()
{
    // Refuse early: no credentials are handed to the authenticator before setup is complete.
    if (!StorageService.instance.isAuthSetupComplete())
    {
        throw new AuthenticationException("Cannot login as server authentication setup is not yet completed");
    }

    IAuthenticator configured = DatabaseDescriptor.getAuthenticator();
    Map<String, String> loginData = new HashMap<>();
    loginData.put(PasswordAuthenticator.USERNAME_KEY, username);
    // The password becomes a String here because legacyAuthenticate takes a Map<String, String>.
    loginData.put(PasswordAuthenticator.PASSWORD_KEY, String.valueOf(password));
    AuthenticatedUser authenticated = configured.legacyAuthenticate(loginData);

    // Only actual users should be allowed to authenticate for JMX
    if (authenticated.isAnonymous() || authenticated.isSystem())
    {
        throw new AuthenticationException(String.format("Invalid user %s", authenticated.getName()));
    }

    // The LOGIN privilege is required to authenticate - c.f. ClientState::login
    if (!DatabaseDescriptor.getRoleManager().canLogin(authenticated.getPrimaryRole()))
    {
        throw new AuthenticationException(authenticated.getName() + " is not permitted to log in");
    }
}
/**
 * Runs the password check for the stored username and then enforces that the result is a
 * real user with the LOGIN privilege.
 * Nothing is returned or stored by this method; a failure is signalled only by the exception.
 *
 * @throws AuthenticationException if auth setup is incomplete, the user is anonymous or a
 *         system user, or the user's primary role cannot log in
 */
private void authenticate()
{
    final boolean setupDone = StorageService.instance.isAuthSetupComplete();
    if (!setupDone)
        throw new AuthenticationException("Cannot login as server authentication setup is not yet completed");

    IAuthenticator authn = DatabaseDescriptor.getAuthenticator();

    Map<String, String> userAndPassword = new HashMap<>();
    userAndPassword.put(PasswordAuthenticator.USERNAME_KEY, username);
    // NOTE(review): the String built from password stays on the heap until collected and
    // cannot be cleared explicitly.
    userAndPassword.put(PasswordAuthenticator.PASSWORD_KEY, String.valueOf(password));

    AuthenticatedUser who = authn.legacyAuthenticate(userAndPassword);

    // Only actual users should be allowed to authenticate for JMX
    if (who.isAnonymous() || who.isSystem())
        throw new AuthenticationException(String.format("Invalid user %s", who.getName()));

    // The LOGIN privilege is required to authenticate - c.f. ClientState::login
    if (DatabaseDescriptor.getRoleManager().canLogin(who.getPrimaryRole()))
        return;

    throw new AuthenticationException(who.getName() + " is not permitted to log in");
}
/**
 * Announces the schema migration and, when a new object was created by a named user,
 * grants that user permissions on it.
 *
 * @param state query state; its client state supplies the requesting user
 * @param options not used in this method body
 * @param queryStartNanoTime not used in this method body
 * @return {@code ResultMessage.Void} when announceMigration returns {@code null},
 *         otherwise a {@code ResultMessage.SchemaChange} wrapping the change event
 * @throws RequestValidationException declared by the signature; presumably raised by
 *         announceMigration, whose body is not shown here
 */
public ResultMessage execute(QueryState state, QueryOptions options, long queryStartNanoTime) throws RequestValidationException
{
    // If an IF [NOT] EXISTS clause was used, this may not result in an actual schema change. To avoid doing
    // extra work in the drivers to handle schema changes, we return an empty message in this case. (CASSANDRA-7600)
    Event.SchemaChange changeEvent = announceMigration(state, false);
    if (changeEvent == null)
        return new ResultMessage.Void();

    // When a schema alteration creates a new db object, the requesting user is granted
    // permissions on it if:
    // * the user is not anonymous
    // * the configured IAuthorizer supports granting of permissions (not all do, AllowAllAuthorizer doesn't and
    //   custom external implementations may not)
    AuthenticatedUser requester = state.getClientState().getUser();
    final boolean grantToCreator = requester != null
                                   && !requester.isAnonymous()
                                   && changeEvent.change == Event.SchemaChange.Change.CREATED;
    if (grantToCreator)
    {
        try
        {
            grantPermissionsToCreator(state);
        }
        catch (UnsupportedOperationException ignored)
        {
            // not a problem, grant is an optional method on IAuthorizer
        }
    }

    return new ResultMessage.SchemaChange(changeEvent);
}
/**
 * Executes the schema-altering statement: announces the migration, then makes a best-effort
 * grant of permissions on a newly created object to the user who issued the request.
 *
 * @param state query state; its client state supplies the requesting user
 * @param options not used in this method body
 * @param queryStartNanoTime not used in this method body
 * @return an empty {@code ResultMessage.Void} if no change event was produced, else a
 *         {@code ResultMessage.SchemaChange} for the event
 * @throws RequestValidationException declared by the signature
 */
public ResultMessage execute(QueryState state, QueryOptions options, long queryStartNanoTime) throws RequestValidationException
{
    Event.SchemaChange event = announceMigration(state, false);

    // If an IF [NOT] EXISTS clause was used, this may not result in an actual schema change. To avoid doing
    // extra work in the drivers to handle schema changes, we return an empty message in this case. (CASSANDRA-7600)
    if (event == null)
    {
        return new ResultMessage.Void();
    }

    AuthenticatedUser issuer = state.getClientState().getUser();

    // Permissions on the new object go to the issuer only if it is a known, non-anonymous
    // user and the change actually created something.
    if (issuer != null && !issuer.isAnonymous())
    {
        if (event.change == Event.SchemaChange.Change.CREATED)
        {
            try
            {
                grantPermissionsToCreator(state);
            }
            catch (UnsupportedOperationException ignored)
            {
                // not a problem, grant is an optional method on IAuthorizer
                // (AllowAllAuthorizer doesn't support it and custom external implementations may not)
            }
        }
    }

    return new ResultMessage.SchemaChange(event);
}
/**
 * Runs the statement by announcing its migration and reporting the resulting schema change.
 * A creator grant is attempted only for a non-null, non-anonymous user on a CREATED change;
 * only UnsupportedOperationException from that grant is swallowed, anything else propagates.
 *
 * @param state query state; its client state supplies the requesting user
 * @param options not used in this method body
 * @param queryStartNanoTime not used in this method body
 * @return {@code ResultMessage.Void} when there is no change event, otherwise
 *         {@code ResultMessage.SchemaChange}
 * @throws RequestValidationException declared by the signature
 */
public ResultMessage execute(QueryState state, QueryOptions options, long queryStartNanoTime) throws RequestValidationException
{
    // If an IF [NOT] EXISTS clause was used, this may not result in an actual schema change. To avoid doing
    // extra work in the drivers to handle schema changes, we return an empty message in this case. (CASSANDRA-7600)
    final Event.SchemaChange outcome = announceMigration(state, false);
    if (outcome == null)
        return new ResultMessage.Void();

    final AuthenticatedUser creator = state.getClientState().getUser();
    final boolean namedUser = creator != null && !creator.isAnonymous();
    final boolean created = outcome.change == Event.SchemaChange.Change.CREATED;

    // when a schema alteration results in a new db object being created, we grant permissions on the new
    // object to the user performing the request if:
    // * the user is not anonymous
    // * the configured IAuthorizer supports granting of permissions (not all do, AllowAllAuthorizer doesn't and
    //   custom external implementations may not)
    if (namedUser && created)
    {
        try
        {
            grantPermissionsToCreator(state);
        }
        catch (UnsupportedOperationException ignored)
        {
            // not a problem, grant is an optional method on IAuthorizer
        }
    }

    return new ResultMessage.SchemaChange(outcome);
}
/**
 * Grant all applicable permissions on the newly created role to the user performing the request
 * see also: SchemaAlteringStatement#grantPermissionsToCreator and the overridden implementations
 * of it in subclasses CreateKeyspaceStatement &amp; CreateTableStatement.
 *
 * @param state client state of the request; the role named after its user receives the grant
 */
private void grantPermissionsToCreator(ClientState state)
{
    // The creator of a Role automatically gets ALTER/DROP/AUTHORIZE permissions on it if:
    // * the user is not anonymous
    // * the configured IAuthorizer supports granting of permissions (not all do, AllowAllAuthorizer doesn't and
    //   custom external implementations may not)
    // NOTE(review): state.getUser() is dereferenced without a null check; confirm callers
    // guarantee a user is present.
    if (state.getUser().isAnonymous())
        return;

    try
    {
        // The grant is issued as AuthenticatedUser.SYSTEM_USER, not as the requesting user.
        DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER,
                                                 role.applicablePermissions(),
                                                 role,
                                                 RoleResource.role(state.getUser().getName()));
    }
    catch (UnsupportedOperationException ignored)
    {
        // not a problem, grant is an optional method on IAuthorizer
    }
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Grants every applicable permission on the newly created role to the user performing the request.
 * See also: SchemaAlteringStatement#grantPermissionsToCreator and the overridden implementations
 * of it in subclasses CreateKeyspaceStatement &amp; CreateTableStatement.
 *
 * @param state client state of the request; its user's name identifies the role that is granted to
 */
private void grantPermissionsToCreator(ClientState state)
{
    // The creator of a Role automatically gets ALTER/DROP/AUTHORIZE permissions on it if:
    // * the user is not anonymous
    // * the configured IAuthorizer supports granting of permissions (not all do, AllowAllAuthorizer doesn't and
    //   custom external implementations may not)
    final boolean namedCreator = !state.getUser().isAnonymous();
    if (namedCreator)
    {
        try
        {
            // Performed under AuthenticatedUser.SYSTEM_USER rather than the requester -
            // presumably so the grant does not depend on the requester's own permissions; confirm.
            DatabaseDescriptor.getAuthorizer()
                              .grant(AuthenticatedUser.SYSTEM_USER,
                                     role.applicablePermissions(),
                                     role,
                                     RoleResource.role(state.getUser().getName()));
        }
        catch (UnsupportedOperationException ignored)
        {
            // not a problem, grant is an optional method on IAuthorizer
        }
    }
}
} // closes the enclosing class, whose header is not part of this snippet