Package org.apache.cassandra.auth
Class AuthenticatedUser
- java.lang.Object
-
- org.apache.cassandra.auth.AuthenticatedUser
-
public class AuthenticatedUser extends java.lang.ObjectReturned from IAuthenticator#authenticate(), represents an authenticated user everywhere internally. Holds the name of the user and the roles that have been granted to the user. The roles will be cached for roles_validity.
-
-
Field Summary
Fields Modifier and Type Field Description static AuthenticatedUserANONYMOUS_USERstatic java.lang.StringANONYMOUS_USERNAMEstatic NetworkPermissionsCachenetworkPermissionsCachestatic PermissionsCachepermissionsCachestatic AuthenticatedUserSYSTEM_USERstatic java.lang.StringSYSTEM_USERNAME
-
Constructor Summary
Constructors Constructor Description AuthenticatedUser(java.lang.String name)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancanLogin()Check whether this user has login privileges.booleanequals(java.lang.Object o)java.lang.StringgetName()java.util.Set<Permission>getPermissions(IResource resource)RoleResourcegetPrimaryRole()java.util.Set<Role>getRoleDetails()Get the detailed info on roles granted to the user via IRoleManagerjava.util.Set<RoleResource>getRoles()Get the roles that have been granted to the user via the IRoleManagerinthashCode()booleanhasLocalAccess()Verify that there is not DC level restriction on this user accessing this node.static voidinit()UseAuthCacheService.initializeAndRegisterCaches()rather than calling this directlybooleanisAnonymous()If IAuthenticator doesn't require authentication, this method may return true.booleanisSuper()Checks the user's superuser status.booleanisSystem()Some internal operations are performed on behalf of Cassandra itself, in those cases the system user should be used where an identity is required see CreateRoleStatement#execute() and overrides of AlterSchemaStatement#createdResources()java.lang.StringtoString()
-
-
-
Field Detail
-
SYSTEM_USERNAME
public static final java.lang.String SYSTEM_USERNAME
- See Also:
- Constant Field Values
-
SYSTEM_USER
public static final AuthenticatedUser SYSTEM_USER
-
ANONYMOUS_USERNAME
public static final java.lang.String ANONYMOUS_USERNAME
- See Also:
- Constant Field Values
-
ANONYMOUS_USER
public static final AuthenticatedUser ANONYMOUS_USER
-
permissionsCache
public static final PermissionsCache permissionsCache
-
networkPermissionsCache
public static final NetworkPermissionsCache networkPermissionsCache
-
-
Method Detail
-
init
public static void init()
UseAuthCacheService.initializeAndRegisterCaches()rather than calling this directly
-
getName
public java.lang.String getName()
-
getPrimaryRole
public RoleResource getPrimaryRole()
-
isSuper
public boolean isSuper()
Checks the user's superuser status. Only a superuser is allowed to perform CREATE USER and DROP USER queries. Im most cased, though not necessarily, a superuser will have Permission.ALL on every resource (depends on IAuthorizer implementation).
-
isAnonymous
public boolean isAnonymous()
If IAuthenticator doesn't require authentication, this method may return true.
-
isSystem
public boolean isSystem()
Some internal operations are performed on behalf of Cassandra itself, in those cases the system user should be used where an identity is required see CreateRoleStatement#execute() and overrides of AlterSchemaStatement#createdResources()
-
getRoles
public java.util.Set<RoleResource> getRoles()
Get the roles that have been granted to the user via the IRoleManager- Returns:
- a set of identifiers for the roles that have been granted to the user
-
getRoleDetails
public java.util.Set<Role> getRoleDetails()
Get the detailed info on roles granted to the user via IRoleManager- Returns:
- a set of Role objects detailing the roles granted to the user
-
getPermissions
public java.util.Set<Permission> getPermissions(IResource resource)
-
canLogin
public boolean canLogin()
Check whether this user has login privileges. LOGIN is not inherited from granted roles, so must be directly granted to the primary role for this user- Returns:
- true if the user is permitted to login, false otherwise.
-
hasLocalAccess
public boolean hasLocalAccess()
Verify that there is not DC level restriction on this user accessing this node. Further extends the login privilege check by verifying that the primary role for this user is permitted to perform operations in the local (to this node) datacenter. Like LOGIN, this is not inherited from granted roles.- Returns:
- true if the user is permitted to access nodes in this node's datacenter, false otherwise
-
toString
public java.lang.String toString()
- Overrides:
toStringin classjava.lang.Object
-
equals
public boolean equals(java.lang.Object o)
- Overrides:
equalsin classjava.lang.Object
-
hashCode
public int hashCode()
- Overrides:
hashCodein classjava.lang.Object
-
-