/**
 * Builds the permissions cache: its tunables are wired to the matching
 * {@code DatabaseDescriptor} accessors and its entries are produced by asking
 * the supplied authorizer.
 *
 * NOTE(review): a cached permission set is presumably served until the configured
 * validity period elapses, so a revoke may not be observed immediately. Confirm
 * against the superclass, which is not shown in this excerpt.
 *
 * @param authorizer authorizer used by the entry-loading function
 */
public PermissionsCache(IAuthorizer authorizer)
{
    super("PermissionsCache",
          // validity period: setter, then getter
          DatabaseDescriptor::setPermissionsValidity,
          DatabaseDescriptor::getPermissionsValidity,
          // update interval: setter, then getter
          DatabaseDescriptor::setPermissionsUpdateInterval,
          DatabaseDescriptor::getPermissionsUpdateInterval,
          // maximum number of entries: setter, then getter
          DatabaseDescriptor::setPermissionsCacheMaxEntries,
          DatabaseDescriptor::getPermissionsCacheMaxEntries,
          // key is a (user, resource) pair; the value is whatever the authorizer returns for it
          (userAndResource) -> authorizer.authorize(userAndResource.left, userAndResource.right),
          // evaluated on each call against the globally configured authorizer,
          // not against the constructor argument
          () -> DatabaseDescriptor.getAuthorizer().requireAuthorization());
}
/**
 * Applies the grant by delegating to the configured authorizer, passing the
 * client's user as the performer of the operation.
 *
 * NOTE(review): no check of the caller's own rights is visible in this method;
 * presumably that happens before execute() is reached. Confirm in the enclosing
 * statement class.
 *
 * @param state client state supplying the user who issues the grant
 * @return always {@code null}
 * @throws RequestValidationException declared by the signature
 * @throws RequestExecutionException declared by the signature
 */
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
{
    DatabaseDescriptor.getAuthorizer().grant(state.getUser(), permissions, resource, grantee);
    return null;
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Asks the configured IAuthorizer for everything granted to a subject and keeps
 * only the entries whose resource is a JMXResource.
 *
 * @param subject the role whose permissions are looked up
 * @return all permissions granted to the specified subject (including those
 *         transitively inherited from any roles the subject has been granted),
 *         filtered to include only permissions granted on JMXResources
 */
private static Set<PermissionDetails> loadPermissions(RoleResource subject)
{
    // Fetch all permissions for the subject in one call. The result is cached by the
    // caller, as several lookups for the same subject (with different resources and
    // permissions) are likely to arrive in quick succession.
    // The listing is performed as SYSTEM_USER rather than as the subject itself, and
    // null is passed for the resource argument.
    // NOTE(review): null presumably means "do not restrict by resource". Confirm
    // against IAuthorizer.list.
    Set<PermissionDetails> granted = DatabaseDescriptor.getAuthorizer()
                                                       .list(AuthenticatedUser.SYSTEM_USER, Permission.ALL, null, subject);

    return granted.stream()
                  .filter(entry -> entry.resource instanceof JMXResource)
                  .collect(Collectors.toSet());
}
// Instantiate the authorizer named in the configuration.
authorizer = FBUtilities.newAuthorizer(conf.authorizer);

// Refuse to start with an authorizer that requires authorization when the
// authenticator does not require authentication: the two settings are rejected
// as an incompatible pair.
// NOTE(review): the meaning of the trailing `false` argument is not visible here;
// confirm against ConfigurationException.
if (!authenticator.requireAuthentication() && authorizer.requireAuthorization())
    throw new ConfigurationException(conf.authenticator + " can't be used with " + conf.authorizer, false);

// Each pluggable auth component validates its own configuration, in this order.
authorizer.validateConfiguration();
roleManager.validateConfiguration();
internodeAuthenticator.validateConfiguration();
/**
 * Schema-change hook for a dropped function: revokes every permission that was
 * granted on the function's resource.
 *
 * NOTE(review): presumably this prevents old grants from applying to a function
 * later created with the same name and argument types. Confirm with the authorizer
 * implementation.
 *
 * @param ksName keyspace of the dropped function
 * @param functionName name of the dropped function
 * @param argTypes argument types identifying the overload
 */
public void onDropFunction(String ksName, String functionName, List<AbstractType<?>> argTypes)
{
    FunctionResource dropped = FunctionResource.function(ksName, functionName, argTypes);
    DatabaseDescriptor.getAuthorizer().revokeAllOn(dropped);
}
/**
 * Drops the role and removes the permissions granted to it and on it.
 *
 * @param state client state supplying the user who performs the drop
 * @return always {@code null}
 * @throws RequestValidationException declared by the signature
 * @throws RequestExecutionException declared by the signature
 */
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
{
    // A missing role is not rejected in validate() when IF EXISTS was given, so it is
    // handled here: in that case nothing is done. The existence lookup only runs when
    // ifExists is set.
    if (!ifExists || DatabaseDescriptor.getRoleManager().isExistingRole(role))
    {
        // Clean up grants and permissions of/on the dropped role.
        // NOTE(review): these are three separate calls. If a revoke fails after
        // dropRole has succeeded, permissions keyed on this role may be left behind.
        // Confirm how the implementations handle partial failure.
        DatabaseDescriptor.getRoleManager().dropRole(state.getUser(), role);
        DatabaseDescriptor.getAuthorizer().revokeAllFrom(role);
        DatabaseDescriptor.getAuthorizer().revokeAllOn(role);
    }
    return null;
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Loads the permission set for one (user, resource) pair by asking the authorizer.
 *
 * @param userResource pair whose left element is the user and whose right element
 *                     is the resource
 * @return whatever the authorizer reports for that user on that resource
 */
public Set<Permission> load(Pair<AuthenticatedUser, IResource> userResource)
{
    AuthenticatedUser user = userResource.left;
    IResource resource = userResource.right;
    return authorizer.authorize(user, resource);
}
/**
 * One-shot initialisation of the auth subsystem: ensures the auth keyspace exists,
 * sets up the role manager, authenticator and authorizer, and registers the
 * migration listener.
 */
private void doAuthSetup()
{
    // getAndSet flips the flag and reports its previous value, so only the first
    // caller gets past this guard.
    if (authSetupCalled.getAndSet(true))
        return;

    maybeAddOrUpdateKeyspace(AuthKeyspace.metadata());

    DatabaseDescriptor.getRoleManager().setup();
    DatabaseDescriptor.getAuthenticator().setup();
    DatabaseDescriptor.getAuthorizer().setup();

    MigrationManager.instance.register(new AuthMigrationListener());

    // Set only after every step above has returned. If one of them throws,
    // authSetupCalled stays true and this method will not run the steps again.
    authSetupComplete = true;
}
/**
 * Applies the revoke by delegating to the configured authorizer, passing the
 * client's user as the performer of the operation.
 *
 * NOTE(review): no check of the caller's own rights is visible in this method;
 * presumably that happens before execute() is reached. Where permission lookups
 * are cached, a revoke may also not be observed until the cached entry is
 * refreshed. Confirm both in the surrounding code.
 *
 * @param state client state supplying the user who issues the revoke
 * @return always {@code null}
 * @throws RequestValidationException declared by the signature
 * @throws RequestExecutionException declared by the signature
 */
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
{
    DatabaseDescriptor.getAuthorizer().revoke(state.getUser(), permissions, resource, grantee);
    return null;
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Verifies that the current user holds a permission on a resource, unless
 * authorization is switched off or the resource is a built-in function.
 *
 * @param perm the permission required
 * @param resource the resource the permission is required on
 * @throws UnauthorizedException declared by the signature; presumably raised by the
 *         resource-chain check when the permission is missing
 */
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException
{
    // With an authorizer that does not require authorization, every request passes.
    if (!DatabaseDescriptor.getAuthorizer().requireAuthorization())
        return;

    // Access to built in functions is unrestricted: a function resource that has a
    // parent and lives in the system keyspace skips the permission check entirely.
    // hasParent() is tested before getKeyspace() is called.
    // NOTE(review): presumably a parentless function resource carries no keyspace. Confirm.
    boolean builtInFunction = resource instanceof FunctionResource
                              && resource.hasParent()
                              && ((FunctionResource) resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME);
    if (builtInFunction)
        return;

    checkPermissionOnResourceChain(perm, resource);
}
// Have the authorizer and the internode authenticator each check their own
// configuration, in this order.
authorizer.validateConfiguration();
internodeAuthenticator.validateConfiguration();
// Instantiate the authorizer named in the configuration.
authorizer = FBUtilities.newAuthorizer(conf.authorizer);

// Refuse to start with an authorizer that requires authorization when the
// authenticator does not require authentication: the two settings are rejected
// as an incompatible pair.
// NOTE(review): the meaning of the trailing `false` argument is not visible here;
// confirm against ConfigurationException.
if (!authenticator.requireAuthentication() && authorizer.requireAuthorization())
    throw new ConfigurationException(conf.authenticator + " can't be used with " + conf.authorizer, false);

// Each pluggable auth component validates its own configuration, in this order.
authorizer.validateConfiguration();
roleManager.validateConfiguration();
internodeAuthenticator.validateConfiguration();
/**
 * Schema-change hook for a dropped aggregate: revokes every permission that was
 * granted on it. The aggregate is addressed through the same FunctionResource
 * factory that is used for functions.
 *
 * NOTE(review): presumably this prevents old grants from applying to an aggregate
 * later created with the same name and argument types. Confirm with the authorizer
 * implementation.
 *
 * @param ksName keyspace of the dropped aggregate
 * @param aggregateName name of the dropped aggregate
 * @param argTypes argument types identifying the overload
 */
public void onDropAggregate(String ksName, String aggregateName, List<AbstractType<?>> argTypes)
{
    FunctionResource dropped = FunctionResource.function(ksName, aggregateName, argTypes);
    DatabaseDescriptor.getAuthorizer().revokeAllOn(dropped);
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Drops the role and removes the permissions granted to it and on it.
 *
 * @param state client state supplying the user who performs the drop
 * @return always {@code null}
 * @throws RequestValidationException declared by the signature
 * @throws RequestExecutionException declared by the signature
 */
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
{
    // A missing role is not rejected in validate() when IF EXISTS was given, so it is
    // handled here: in that case nothing is done. The existence lookup only runs when
    // ifExists is set.
    if (!ifExists || DatabaseDescriptor.getRoleManager().isExistingRole(role))
    {
        // Clean up grants and permissions of/on the dropped role.
        // NOTE(review): these are three separate calls. If a revoke fails after
        // dropRole has succeeded, permissions keyed on this role may be left behind.
        // Confirm how the implementations handle partial failure.
        DatabaseDescriptor.getRoleManager().dropRole(state.getUser(), role);
        DatabaseDescriptor.getAuthorizer().revokeAllFrom(role);
        DatabaseDescriptor.getAuthorizer().revokeAllOn(role);
    }
    return null;
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Returns the permissions a user holds on a resource, served from the cache when
 * one is present and straight from the authorizer otherwise.
 *
 * @param user the user whose permissions are requested
 * @param resource the resource the permissions apply to
 * @return the permission set for that user on that resource
 * @throws RuntimeException wrapping the ExecutionException if the cache lookup fails
 */
public Set<Permission> getPermissions(AuthenticatedUser user, IResource resource)
{
    if (cache != null)
    {
        try
        {
            Pair<AuthenticatedUser, IResource> key = Pair.create(user, resource);
            return cache.get(key);
        }
        catch (ExecutionException e)
        {
            // A failed lookup is propagated to the caller; no permission set is
            // returned in its place.
            throw new RuntimeException(e);
        }
    }

    // No cache present: every call goes to the authorizer.
    return authorizer.authorize(user, resource);
}
/**
 * One-shot initialisation of the auth subsystem: ensures the auth keyspace exists,
 * sets up the role manager, authenticator and authorizer, and registers the
 * migration listener.
 */
private void doAuthSetup()
{
    // getAndSet flips the flag and reports its previous value, so only the first
    // caller gets past this guard.
    if (authSetupCalled.getAndSet(true))
        return;

    maybeAddOrUpdateKeyspace(AuthKeyspace.metadata());

    DatabaseDescriptor.getRoleManager().setup();
    DatabaseDescriptor.getAuthenticator().setup();
    DatabaseDescriptor.getAuthorizer().setup();

    MigrationManager.instance.register(new AuthMigrationListener());

    // Set only after every step above has returned. If one of them throws,
    // authSetupCalled stays true and this method will not run the steps again.
    authSetupComplete = true;
}
/**
 * Applies the revoke by delegating to the configured authorizer, passing the
 * client's user as the performer of the operation.
 *
 * NOTE(review): no check of the caller's own rights is visible in this method;
 * presumably that happens before execute() is reached. Where permission lookups
 * are cached, a revoke may also not be observed until the cached entry is
 * refreshed. Confirm both in the surrounding code.
 *
 * @param state client state supplying the user who issues the revoke
 * @return always {@code null}
 * @throws RequestValidationException declared by the signature
 * @throws RequestExecutionException declared by the signature
 */
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
{
    DatabaseDescriptor.getAuthorizer().revoke(state.getUser(), permissions, resource, grantee);
    return null;
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Verifies that the current user holds a permission on a resource, unless
 * authorization is switched off or the resource is a built-in function.
 *
 * @param perm the permission required
 * @param resource the resource the permission is required on
 * @throws UnauthorizedException declared by the signature; presumably raised by the
 *         resource-chain check when the permission is missing
 */
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException
{
    // With an authorizer that does not require authorization, every request passes.
    if (!DatabaseDescriptor.getAuthorizer().requireAuthorization())
        return;

    // Access to built in functions is unrestricted: a function resource that has a
    // parent and lives in the system keyspace skips the permission check entirely.
    // hasParent() is tested before getKeyspace() is called.
    // NOTE(review): presumably a parentless function resource carries no keyspace. Confirm.
    boolean builtInFunction = resource instanceof FunctionResource
                              && resource.hasParent()
                              && ((FunctionResource) resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME);
    if (builtInFunction)
        return;

    checkPermissionOnResourceChain(perm, resource);
}
/**
 * Applies the grant by delegating to the configured authorizer, passing the
 * client's user as the performer of the operation.
 *
 * NOTE(review): no check of the caller's own rights is visible in this method;
 * presumably that happens before execute() is reached. Confirm in the enclosing
 * statement class.
 *
 * @param state client state supplying the user who issues the grant
 * @return always {@code null}
 * @throws RequestValidationException declared by the signature
 * @throws RequestExecutionException declared by the signature
 */
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
{
    DatabaseDescriptor.getAuthorizer().grant(state.getUser(), permissions, resource, grantee);
    return null;
}
} // closes the enclosing scope, whose declaration is not shown in this excerpt
/**
 * Builds the permissions cache: its tunables are wired to the matching
 * {@code DatabaseDescriptor} accessors and its entries are produced by asking
 * the supplied authorizer.
 *
 * NOTE(review): a cached permission set is presumably served until the configured
 * validity period elapses, so a revoke may not be observed immediately. Confirm
 * against the superclass, which is not shown in this excerpt.
 *
 * @param authorizer authorizer used by the entry-loading function
 */
public PermissionsCache(IAuthorizer authorizer)
{
    super("PermissionsCache",
          // validity period: setter, then getter
          DatabaseDescriptor::setPermissionsValidity,
          DatabaseDescriptor::getPermissionsValidity,
          // update interval: setter, then getter
          DatabaseDescriptor::setPermissionsUpdateInterval,
          DatabaseDescriptor::getPermissionsUpdateInterval,
          // maximum number of entries: setter, then getter
          DatabaseDescriptor::setPermissionsCacheMaxEntries,
          DatabaseDescriptor::getPermissionsCacheMaxEntries,
          // key is a (user, resource) pair; the value is whatever the authorizer returns for it
          (userAndResource) -> authorizer.authorize(userAndResource.left, userAndResource.right),
          // evaluated on each call against the globally configured authorizer,
          // not against the constructor argument
          () -> DatabaseDescriptor.getAuthorizer().requireAuthorization());
}