public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { return QueryProcessor.process(String.format("SELECT * FROM %s.%s", Auth.AUTH_KS, Auth.USERS_CF), ConsistencyLevel.QUORUM, QueryState.forInternalCalls()); } }
private void executeLoggedBatch(List<CQLStatement> statements) throws RequestExecutionException, RequestValidationException { BatchStatement batch = new BatchStatement(0, BatchStatement.Type.LOGGED, Lists.newArrayList(Iterables.filter(statements, ModificationStatement.class)), Attributes.none()); QueryProcessor.instance.processBatch(batch, QueryState.forInternalCalls(), BatchQueryOptions.withoutPerStatementVariables(QueryOptions.DEFAULT), System.nanoTime()); }
public static UntypedResultSet process(String query, ConsistencyLevel cl, List<ByteBuffer> values) throws RequestExecutionException { ResultMessage result = instance.process(query, QueryState.forInternalCalls(), QueryOptions.forInternalCalls(cl, values), System.nanoTime()); if (result instanceof ResultMessage.Rows) return UntypedResultSet.create(((ResultMessage.Rows)result).result); else return null; }
private void executeLoggedBatch(List<CQLStatement> statements) throws RequestExecutionException, RequestValidationException { BatchStatement batch = new BatchStatement(0, BatchStatement.Type.LOGGED, Lists.newArrayList(Iterables.filter(statements, ModificationStatement.class)), Attributes.none()); QueryProcessor.instance.processBatch(batch, QueryState.forInternalCalls(), BatchQueryOptions.withoutPerStatementVariables(QueryOptions.DEFAULT), System.nanoTime()); }
public static UntypedResultSet process(String query, ConsistencyLevel cl, List<ByteBuffer> values) throws RequestExecutionException { ResultMessage result = instance.process(query, QueryState.forInternalCalls(), QueryOptions.forInternalCalls(cl, values), System.nanoTime()); if (result instanceof ResultMessage.Rows) return UntypedResultSet.create(((ResultMessage.Rows)result).result); else return null; }
public static UntypedResultSet process(String query, ConsistencyLevel cl, List<ByteBuffer> values) throws RequestExecutionException { ResultMessage result = instance.process(query, QueryState.forInternalCalls(), QueryOptions.forInternalCalls(cl, values), System.nanoTime()); if (result instanceof ResultMessage.Rows) return UntypedResultSet.create(((ResultMessage.Rows)result).result); else return null; }
public static UntypedResultSet process(String query, ConsistencyLevel cl) throws RequestExecutionException { try { ResultMessage result = instance.process(query, QueryState.forInternalCalls(), QueryOptions.forInternalCalls(cl, Collections.<ByteBuffer>emptyList())); if (result instanceof ResultMessage.Rows) return UntypedResultSet.create(((ResultMessage.Rows)result).result); else return null; } catch (RequestValidationException e) { throw new RuntimeException(e); } }
private Role getRoleFromTable(String name, SelectStatement statement, Function<UntypedResultSet.Row, Role> function) throws RequestExecutionException, RequestValidationException { ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(name), Collections.singletonList(ByteBufferUtil.bytes(name))), System.nanoTime()); if (rows.result.isEmpty()) return NULL_ROLE; return function.apply(UntypedResultSet.create(rows.result).one()); }
private Role getRoleFromTable(String name, SelectStatement statement, Function<UntypedResultSet.Row, Role> function) throws RequestExecutionException, RequestValidationException { ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(name), Collections.singletonList(ByteBufferUtil.bytes(name))), System.nanoTime()); if (rows.result.isEmpty()) return NULL_ROLE; return function.apply(UntypedResultSet.create(rows.result).one()); }
private void executeLoggedBatch(List<CQLStatement> statements) throws RequestExecutionException, RequestValidationException { BatchStatement batch = new BatchStatement(0, BatchStatement.Type.LOGGED, Lists.newArrayList(Iterables.filter(statements, ModificationStatement.class)), Attributes.none()); QueryProcessor.instance.processBatch(batch, QueryState.forInternalCalls(), BatchQueryOptions.withoutPerStatementVariables(QueryOptions.DEFAULT), System.nanoTime()); }
private Role getRoleFromTable(String name, SelectStatement statement, Function<UntypedResultSet.Row, Role> function) throws RequestExecutionException, RequestValidationException { ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(name), Collections.singletonList(ByteBufferUtil.bytes(name))), System.nanoTime()); if (rows.result.isEmpty()) return NULL_ROLE; return function.apply(UntypedResultSet.create(rows.result).one()); }
private static UntypedResultSet selectUser(String username) { try { ResultMessage.Rows rows = selectUserStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForUser(username), Lists.newArrayList(ByteBufferUtil.bytes(username)))); return UntypedResultSet.create(rows.result); } catch (RequestValidationException e) { throw new AssertionError(e); // not supposed to happen } catch (RequestExecutionException e) { throw new RuntimeException(e); } }
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) { if (user.isSuper()) return Permission.ALL; UntypedResultSet result; try { ResultMessage.Rows rows = authorizeStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(user.getName()), ByteBufferUtil.bytes(resource.getName())))); result = UntypedResultSet.create(rows.result); } catch (RequestValidationException e) { throw new AssertionError(e); // not supposed to happen } catch (RequestExecutionException e) { logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource); throw new RuntimeException(e); } if (result.isEmpty() || !result.one().has(PERMISSIONS)) return Permission.NONE; Set<Permission> permissions = EnumSet.noneOf(Permission.class); for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) permissions.add(Permission.valueOf(perm)); return permissions; }
public AuthenticatedUser authenticate(Map<String, String> credentials) throws AuthenticationException { String username = credentials.get(USERNAME_KEY); if (username == null) throw new AuthenticationException(String.format("Required key '%s' is missing", USERNAME_KEY)); String password = credentials.get(PASSWORD_KEY); if (password == null) throw new AuthenticationException(String.format("Required key '%s' is missing", PASSWORD_KEY)); UntypedResultSet result; try { ResultMessage.Rows rows = authenticateStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForUser(username), Lists.newArrayList(ByteBufferUtil.bytes(username)))); result = UntypedResultSet.create(rows.result); } catch (RequestValidationException e) { throw new AssertionError(e); // not supposed to happen } catch (RequestExecutionException e) { throw new AuthenticationException(e.toString()); } if (result.isEmpty() || !BCrypt.checkpw(password, result.one().getString(SALTED_HASH))) throw new AuthenticationException("Username and/or password are incorrect"); return new AuthenticatedUser(username); }
private String queryHashedPassword(String username) throws NoSuchCredentialsException { try { SelectStatement authenticationStatement = authenticationStatement(); ResultMessage.Rows rows = authenticationStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(username), Lists.newArrayList(ByteBufferUtil.bytes(username))), System.nanoTime()); // If either a non-existent role name was supplied, or no credentials // were found for that role we don't want to cache the result so we throw // a specific, but unchecked, exception to keep LoadingCache happy. if (rows.result.isEmpty()) throw new NoSuchCredentialsException(); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.one().has(SALTED_HASH)) throw new NoSuchCredentialsException(); return result.one().getString(SALTED_HASH); } catch (RequestExecutionException e) { logger.trace("Error performing internal authentication", e); throw e; } }
private String queryHashedPassword(String username) throws NoSuchCredentialsException { try { SelectStatement authenticationStatement = authenticationStatement(); ResultMessage.Rows rows = authenticationStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(username), Lists.newArrayList(ByteBufferUtil.bytes(username))), System.nanoTime()); // If either a non-existent role name was supplied, or no credentials // were found for that role we don't want to cache the result so we throw // a specific, but unchecked, exception to keep LoadingCache happy. if (rows.result.isEmpty()) throw new NoSuchCredentialsException(); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.one().has(SALTED_HASH)) throw new NoSuchCredentialsException(); return result.one().getString(SALTED_HASH); } catch (RequestExecutionException e) { logger.trace("Error performing internal authentication", e); throw e; } }
private void addPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException, RequestValidationException { QueryOptions options = QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(role.getRoleName()), ByteBufferUtil.bytes(resource.getName()))); SelectStatement statement; // If it exists, read from the legacy user permissions table to handle the case where the cluster // is being upgraded and so is running with mixed versions of the authz schema if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) == null) statement = authorizeRoleStatement; else { // If the permissions table was initialised only after the statement got prepared, re-prepare (CASSANDRA-12813) if (legacyAuthorizeRoleStatement == null) legacyAuthorizeRoleStatement = prepare(USERNAME, USER_PERMISSIONS); statement = legacyAuthorizeRoleStatement; } ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), options, System.nanoTime()); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.isEmpty() && result.one().has(PERMISSIONS)) { for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) { permissions.add(Permission.valueOf(perm)); } } }
private void addPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException, RequestValidationException { QueryOptions options = QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(role.getRoleName()), ByteBufferUtil.bytes(resource.getName()))); SelectStatement statement; // If it exists, read from the legacy user permissions table to handle the case where the cluster // is being upgraded and so is running with mixed versions of the authz schema if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) == null) statement = authorizeRoleStatement; else { // If the permissions table was initialised only after the statement got prepared, re-prepare (CASSANDRA-12813) if (legacyAuthorizeRoleStatement == null) legacyAuthorizeRoleStatement = prepare(USERNAME, USER_PERMISSIONS); statement = legacyAuthorizeRoleStatement; } ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), options, System.nanoTime()); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.isEmpty() && result.one().has(PERMISSIONS)) { for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) { permissions.add(Permission.valueOf(perm)); } } }
private String queryHashedPassword(String username) throws NoSuchCredentialsException { try { SelectStatement authenticationStatement = authenticationStatement(); ResultMessage.Rows rows = authenticationStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(username), Lists.newArrayList(ByteBufferUtil.bytes(username))), System.nanoTime()); // If either a non-existent role name was supplied, or no credentials // were found for that role we don't want to cache the result so we throw // a specific, but unchecked, exception to keep LoadingCache happy. if (rows.result.isEmpty()) throw new NoSuchCredentialsException(); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.one().has(SALTED_HASH)) throw new NoSuchCredentialsException(); return result.one().getString(SALTED_HASH); } catch (RequestExecutionException e) { logger.trace("Error performing internal authentication", e); throw e; } }
private void addPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException, RequestValidationException { QueryOptions options = QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(role.getRoleName()), ByteBufferUtil.bytes(resource.getName()))); SelectStatement statement; // If it exists, read from the legacy user permissions table to handle the case where the cluster // is being upgraded and so is running with mixed versions of the authz schema if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) == null) statement = authorizeRoleStatement; else { // If the permissions table was initialised only after the statement got prepared, re-prepare (CASSANDRA-12813) if (legacyAuthorizeRoleStatement == null) legacyAuthorizeRoleStatement = prepare(USERNAME, USER_PERMISSIONS); statement = legacyAuthorizeRoleStatement; } ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), options, System.nanoTime()); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.isEmpty() && result.one().has(PERMISSIONS)) { for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) { permissions.add(Permission.valueOf(perm)); } } }