Package org.apache.cassandra.auth
Interface IAuthenticator.SaslNegotiator
-
- Enclosing interface:
- IAuthenticator
public static interface IAuthenticator.SaslNegotiatorPerforms the actual SASL negotiation for a single authentication attempt. SASL is stateful, so a new instance should be used for each attempt. Non-trivial implementations may delegate to an instance ofSaslServer
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description byte[]evaluateResponse(byte[] clientResponse)Evaluates the client response data and generates a byte[] response which may be a further challenge or purely informational in the case that the negotiation is completed on this round.AuthenticatedUsergetAuthenticatedUser()Following a sucessful negotiation, get the AuthenticatedUser representing the logged in subject.booleanisComplete()Called after each invocation ofevaluateResponse(byte[])to determine whether the authentication has completed successfully or should be continued.
-
-
-
Method Detail
-
evaluateResponse
byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationExceptionEvaluates the client response data and generates a byte[] response which may be a further challenge or purely informational in the case that the negotiation is completed on this round. This method is called each time aAuthResponseis received from a client. After it is called,isComplete()is checked to determine whether the negotiation has finished. If so, an AuthenticatedUser is obtained by callinggetAuthenticatedUser()and that user associated with the active connection and the byte[] sent back to the client via anAuthSuccessmessage. If the negotiation is not yet complete, the byte[] is returned to the client as a further challenge in anAuthChallengemessage. This continues until the negotiation does complete or an error is encountered.- Parameters:
clientResponse- The non-null (but possibly empty) response sent by the client- Returns:
- The possibly null response to send to the client.
- Throws:
AuthenticationException- seeSaslServer.evaluateResponse(byte[])
-
isComplete
boolean isComplete()
Called after each invocation ofevaluateResponse(byte[])to determine whether the authentication has completed successfully or should be continued.- Returns:
- true if the authentication exchange has completed; false otherwise.
see
SaslServer.isComplete()
-
getAuthenticatedUser
AuthenticatedUser getAuthenticatedUser() throws AuthenticationException
Following a sucessful negotiation, get the AuthenticatedUser representing the logged in subject. This method should only be called ifisComplete()returns true. Should never return null - always throw AuthenticationException instead. Returning AuthenticatedUser.ANONYMOUS_USER is an option if authentication is not required.- Returns:
- non-null representation of the authenticated subject
- Throws:
AuthenticationException
-
-