All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.datastax.driver.dse.auth.DsePlainTextAuthProvider Maven / Gradle / Ivy

/*
 * Copyright DataStax, Inc.
 *
 * This software can be used solely with DataStax Enterprise. Please consult the license at
 * http://www.datastax.com/terms/datastax-dse-driver-license-terms
 */
package com.datastax.driver.dse.auth;

import static com.google.common.base.Preconditions.checkNotNull;

import com.datastax.driver.core.AuthProvider;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.exceptions.AuthenticationException;
import com.google.common.base.Charsets;
import com.google.common.primitives.Bytes;
import java.net.InetSocketAddress;
import java.util.Arrays;

/**
 * AuthProvider that provides plain text authenticator instances for clients to connect to DSE
 * clusters secured with the DseAuthenticator.
 *
 * 

To create a cluster using this auth provider: * *

 * Cluster cluster = Cluster.builder()
 *                          .addContactPoint(hostname)
 *                          .withAuthProvider(new DsePlainTextAuthProvider("username", "password"))
 *                          .build();
 * 
*/ public class DsePlainTextAuthProvider implements AuthProvider { private final String username; private final String password; private final String authorizationId; /** * Creates an {@link AuthProvider} for the given username and password. * * @param username The username; cannot be {@code null}. * @param password The password; cannot be {@code null}. */ public DsePlainTextAuthProvider(String username, String password) { checkNotNull(username, "username cannot be null"); checkNotNull(password, "password cannot be null"); this.username = username; this.password = password; this.authorizationId = ""; } /** * Creates an {@link AuthProvider} for the given authentication ID (username), password and * authorization ID (authorizationId). Providing an authorization ID allows the currently * authenticated user to act as a different user (a.k.a. proxy authentication). * * @param username The username; cannot be {@code null}. * @param password The password; cannot be {@code null}. * @param authorizationId The authorization ID; cannot be {@code null}. */ public DsePlainTextAuthProvider(String username, String password, String authorizationId) { checkNotNull(username, "username cannot be null"); checkNotNull(password, "password cannot be null"); checkNotNull(authorizationId, "authorizationId cannot be null"); this.username = username; this.password = password; this.authorizationId = authorizationId; } @Override public Authenticator newAuthenticator(InetSocketAddress host, String authenticator) throws AuthenticationException { return new PlainTextAuthenticator(authenticator, username, password, authorizationId); } private static class PlainTextAuthenticator extends BaseDseAuthenticator { private static final byte[] MECHANISM = "PLAIN".getBytes(Charsets.UTF_8); private static final byte[] SERVER_INITIAL_CHALLENGE = "PLAIN-START".getBytes(Charsets.UTF_8); private static final byte[] NULL = new byte[] {0}; private final byte[] authenticationId; private final byte[] password; private final byte[] authorizationId; PlainTextAuthenticator( String authenticator, String authenticationId, String password, String authorizationId) { super(authenticator); this.authenticationId = authenticationId.getBytes(Charsets.UTF_8); this.password = password.getBytes(Charsets.UTF_8); this.authorizationId = authorizationId.getBytes(Charsets.UTF_8); } @Override public byte[] getMechanism() { return MECHANISM.clone(); } @Override public byte[] getInitialServerChallenge() { return SERVER_INITIAL_CHALLENGE.clone(); } @Override public byte[] evaluateChallenge(byte[] challenge) { if (Arrays.equals(SERVER_INITIAL_CHALLENGE, challenge)) { // The SASL plain text format is authorizationId NUL username NUL password return Bytes.concat(authorizationId, NULL, authenticationId, NULL, password); } throw new RuntimeException("Incorrect challenge from server"); } } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy