@Override public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException { return authenticate(credentials); }
public void setup() { String query = String.format("SELECT %s FROM %s.%s WHERE role = ?", SALTED_HASH, SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.ROLES); authenticateStatement = prepare(query); if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE) != null) prepareLegacyAuthenticateStatement(); cache = new CredentialsCache(this); }
PasswordAuthenticator idAuth = new PasswordAuthenticator(); Map<String, String> credentials = new HashMap<String, String>(); credentials.put(idAuth.USERNAME_KEY, userName);
public void alter(String username, Map<Option, Object> options) throws RequestExecutionException { process(String.format("UPDATE %s.%s SET salted_hash = '%s' WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF, escape(hashpw((String) options.get(Option.PASSWORD))), escape(username)), consistencyForUser(username)); }
public void drop(String username) throws RequestExecutionException { process(String.format("DELETE FROM %s.%s WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF, escape(username)), consistencyForUser(username)); }
private void prepareLegacyAuthenticateStatement() { String query = String.format("SELECT %s from %s.%s WHERE username = ?", SALTED_HASH, SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE); legacyAuthenticateStatement = prepare(query); }
/** * If the legacy users table exists try to verify credentials there. This is to handle the case * where the cluster is being upgraded and so is running with mixed versions of the authn tables */ private SelectStatement authenticationStatement() { if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE) == null) return authenticateStatement; else { // the statement got prepared, we to try preparing it again. // If the credentials was initialised only after statement got prepared, re-prepare (CASSANDRA-12813). if (legacyAuthenticateStatement == null) prepareLegacyAuthenticateStatement(); return legacyAuthenticateStatement; } }
private AuthenticatedUser authenticate(String username, String password) throws AuthenticationException { try { String hash = cache.get(username); if (!checkpw(password, hash)) throw new AuthenticationException(String.format("Provided username %s and/or password are incorrect", username)); return new AuthenticatedUser(username); } catch (ExecutionException | UncheckedExecutionException e) { // the credentials were somehow invalid - either a non-existent role, or one without a defined password if (e.getCause() instanceof NoSuchCredentialsException) throw new AuthenticationException(String.format("Provided username %s and/or password are incorrect", username)); // an unanticipated exception occured whilst querying the credentials table if (e.getCause() instanceof RequestExecutionException) { logger.trace("Error performing internal authentication", e); throw new AuthenticationException(String.format("Error during authentication of user %s : %s", username, e.getMessage())); } throw new RuntimeException(e); } }
private String queryHashedPassword(String username) throws NoSuchCredentialsException { try { SelectStatement authenticationStatement = authenticationStatement(); ResultMessage.Rows rows = authenticationStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(username), Lists.newArrayList(ByteBufferUtil.bytes(username))), System.nanoTime()); // If either a non-existent role name was supplied, or no credentials // were found for that role we don't want to cache the result so we throw // a specific, but unchecked, exception to keep LoadingCache happy. if (rows.result.isEmpty()) throw new NoSuchCredentialsException(); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.one().has(SALTED_HASH)) throw new NoSuchCredentialsException(); return result.one().getString(SALTED_HASH); } catch (RequestExecutionException e) { logger.trace("Error performing internal authentication", e); throw e; } }
public AuthenticatedUser authenticate(Map<String, String> credentials) throws AuthenticationException { String username = credentials.get(USERNAME_KEY); if (username == null) throw new AuthenticationException(String.format("Required key '%s' is missing", USERNAME_KEY)); String password = credentials.get(PASSWORD_KEY); if (password == null) throw new AuthenticationException(String.format("Required key '%s' is missing", PASSWORD_KEY)); UntypedResultSet result; try { ResultMessage.Rows rows = authenticateStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForUser(username), Lists.newArrayList(ByteBufferUtil.bytes(username)))); result = UntypedResultSet.create(rows.result); } catch (RequestValidationException e) { throw new AssertionError(e); // not supposed to happen } catch (RequestExecutionException e) { throw new AuthenticationException(e.toString()); } if (result.isEmpty() || !BCrypt.checkpw(password, result.one().getString(SALTED_HASH))) throw new AuthenticationException("Username and/or password are incorrect"); return new AuthenticatedUser(username); }
public void create(String username, Map<Option, Object> options) throws InvalidRequestException, RequestExecutionException { String password = (String) options.get(Option.PASSWORD); if (password == null) throw new InvalidRequestException("PasswordAuthenticator requires PASSWORD option"); process(String.format("INSERT INTO %s.%s (username, salted_hash) VALUES ('%s', '%s')", Auth.AUTH_KS, CREDENTIALS_CF, escape(username), escape(hashpw(password))), consistencyForUser(username)); }
private void prepareLegacyAuthenticateStatement() { String query = String.format("SELECT %s from %s.%s WHERE username = ?", SALTED_HASH, SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE); legacyAuthenticateStatement = prepare(query); }
/** * If the legacy users table exists try to verify credentials there. This is to handle the case * where the cluster is being upgraded and so is running with mixed versions of the authn tables */ private SelectStatement authenticationStatement() { if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE) == null) return authenticateStatement; else { // the statement got prepared, we to try preparing it again. // If the credentials was initialised only after statement got prepared, re-prepare (CASSANDRA-12813). if (legacyAuthenticateStatement == null) prepareLegacyAuthenticateStatement(); return legacyAuthenticateStatement; } }
private AuthenticatedUser authenticate(String username, String password) throws AuthenticationException { try { String hash = cache.get(username); if (!checkpw(password, hash)) throw new AuthenticationException(String.format("Provided username %s and/or password are incorrect", username)); return new AuthenticatedUser(username); } catch (ExecutionException | UncheckedExecutionException e) { // the credentials were somehow invalid - either a non-existent role, or one without a defined password if (e.getCause() instanceof NoSuchCredentialsException) throw new AuthenticationException(String.format("Provided username %s and/or password are incorrect", username)); // an unanticipated exception occured whilst querying the credentials table if (e.getCause() instanceof RequestExecutionException) { logger.trace("Error performing internal authentication", e); throw new AuthenticationException(String.format("Error during authentication of user %s : %s", username, e.getMessage())); } throw new RuntimeException(e); } }
private String queryHashedPassword(String username) throws NoSuchCredentialsException { try { SelectStatement authenticationStatement = authenticationStatement(); ResultMessage.Rows rows = authenticationStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForRole(username), Lists.newArrayList(ByteBufferUtil.bytes(username))), System.nanoTime()); // If either a non-existent role name was supplied, or no credentials // were found for that role we don't want to cache the result so we throw // a specific, but unchecked, exception to keep LoadingCache happy. if (rows.result.isEmpty()) throw new NoSuchCredentialsException(); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.one().has(SALTED_HASH)) throw new NoSuchCredentialsException(); return result.one().getString(SALTED_HASH); } catch (RequestExecutionException e) { logger.trace("Error performing internal authentication", e); throw e; } }
public void setup() { String query = String.format("SELECT %s FROM %s.%s WHERE role = ?", SALTED_HASH, SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.ROLES); authenticateStatement = prepare(query); if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE) != null) prepareLegacyAuthenticateStatement(); cache = new CredentialsCache(this); }
public AuthenticatedUser legacyAuthenticate(Map<String, String> credentials) throws AuthenticationException { String username = credentials.get(USERNAME_KEY); if (username == null) throw new AuthenticationException(String.format("Required key '%s' is missing", USERNAME_KEY)); String password = credentials.get(PASSWORD_KEY); if (password == null) throw new AuthenticationException(String.format("Required key '%s' is missing for provided username %s", PASSWORD_KEY, username)); return authenticate(username, password); }
private static Session createSession(String host, int port, boolean sslAuthenticationRequired, String userName, String password, boolean debug) { Properties properties = new Properties(); String mailSmtp = "mail.smtp"; if (sslAuthenticationRequired) { mailSmtp += "s"; properties.put(mailSmtp + ".socketFactory.port", Integer.toString(port)); properties.put(mailSmtp + ".socketFactory.class", "javax.net.ssl.SSLSocketFactory"); properties.put(mailSmtp + ".socketFactory.fallback", "false"); } properties.put("mail.debug", debug ? "true" : "false"); properties.put(mailSmtp + ".host", host); properties.put(mailSmtp + ".user", userName); properties.put(mailSmtp + ".password", password); properties.put(mailSmtp + ".port", Integer.toString(port)); properties.put(mailSmtp + ".starttls.enable", "true"); properties.put(mailSmtp + ".auth", "true"); return Session.getDefaultInstance(properties, new PasswordAuthenticator(userName, password)); }
private void prepareLegacyAuthenticateStatement() { String query = String.format("SELECT %s from %s.%s WHERE username = ?", SALTED_HASH, SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE); legacyAuthenticateStatement = prepare(query); }
/** * If the legacy users table exists try to verify credentials there. This is to handle the case * where the cluster is being upgraded and so is running with mixed versions of the authn tables */ private SelectStatement authenticationStatement() { if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, LEGACY_CREDENTIALS_TABLE) == null) return authenticateStatement; else { // the statement got prepared, we to try preparing it again. // If the credentials was initialised only after statement got prepared, re-prepare (CASSANDRA-12813). if (legacyAuthenticateStatement == null) prepareLegacyAuthenticateStatement(); return legacyAuthenticateStatement; } }