[
https://issues.apache.org/jira/browse/CASSANDRA-19946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tiago L. Alves updated CASSANDRA-19946:
---------------------------------------
Description:
The implementation of custom authentication / authorization can be achieved by
implementing {{{}IAuthenticator{}}}, {{{}IAuthorizer{}}}, {{{}IRoleManager{}}},
and other interfaces and configured in {{{}cassandra.yaml{}}}.
{{IAuthenticator}} implementations, for instance, can additionally read extra
configuration parameters via a map of strings defined in {{{}cassandra.yaml{}}}.
Examples of valid configurations are:
{code:java}
authenticator: com.example.auth.CustomAuthenticator{code}
or
{code:java}
authenticator:
class_name : com.example.auth.CustomAuthenticator
parameters :
param1 : value1
param2 : value2{code}
This enables a C* admin to conveniently define and parameterize it's own custom
Authenticator directly in {{{}cassandra.yaml{}}}.
This parameterization is currently enabled for {{Authenticator}} and
{{CIDRAuthorizer}} implementations only and is missing for {{{}Authorizer{}}},
{{{}RoleManager{}}}, and {{NetworkAuthorizer.}}
To enable a C* admin to set and parameterize custom
authentication/authorization implementations we should enable parametrization
of all {{{}Authorizer{}}}, {{{}RoleManager{}}}, and {{NetworkAuthorizer}}
implementations. This can be achieved by instantiating all auth-related
implementations via {{{}ParameterizedClass{}}}.
>From an user point of view, configuring existent authenticators/authorizators
>will have no visible changes.
was:
The implementation of custom authentication / authorization can be achieved by
implementing {{{}IAuthenticator{}}}, {{{}IAuthorizer{}}}, {{{}IRoleManager{}}},
and other interfaces.
{{IAuthenticator}} implementations, for instance, can additionally read extra
configuration parameters via a map of strings defined in
{{{}cassandra.yaml{}}}. This enables an user to conveniently define and
configure it's own Authenticator directly in {{{}cassandra.yaml{}}}.
This configuration mechanism is currently enabled for {{Authenticator}} and
{{CIDRAuthorizer}} implementations only but not for {{{}Authorizer{}}},
{{{}RoleManager{}}}, and {{{}NetworkAuthorizer{}}}.
To enable an user to set and configure custom authentication/authorization we
should enable the same parameter options for all {{{}Authorizer{}}},
{{{}RoleManager{}}}, and {{NetworkAuthorizer}} implementations. This can be
achieved by enabling all those implementations via {{{}ParameterizedClass{}}}.
From an user point of view, configuring existent authenticators/authorizators
will have no visible changes.
> Allow configuration parameters for IAuthorizer, INetworkAuthorizer, and
> IRoleManager
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-19946
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19946
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Tiago L. Alves
> Priority: Normal
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The implementation of custom authentication / authorization can be achieved
> by implementing {{{}IAuthenticator{}}}, {{{}IAuthorizer{}}},
> {{{}IRoleManager{}}}, and other interfaces and configured in
> {{{}cassandra.yaml{}}}.
> {{IAuthenticator}} implementations, for instance, can additionally read extra
> configuration parameters via a map of strings defined in
> {{{}cassandra.yaml{}}}.
> Examples of valid configurations are:
> {code:java}
> authenticator: com.example.auth.CustomAuthenticator{code}
> or
> {code:java}
> authenticator:
> class_name : com.example.auth.CustomAuthenticator
> parameters :
> param1 : value1
> param2 : value2{code}
> This enables a C* admin to conveniently define and parameterize it's own
> custom Authenticator directly in {{{}cassandra.yaml{}}}.
> This parameterization is currently enabled for {{Authenticator}} and
> {{CIDRAuthorizer}} implementations only and is missing for
> {{{}Authorizer{}}}, {{{}RoleManager{}}}, and {{NetworkAuthorizer.}}
> To enable a C* admin to set and parameterize custom
> authentication/authorization implementations we should enable parametrization
> of all {{{}Authorizer{}}}, {{{}RoleManager{}}}, and {{NetworkAuthorizer}}
> implementations. This can be achieved by instantiating all auth-related
> implementations via {{{}ParameterizedClass{}}}.
> From an user point of view, configuring existent authenticators/authorizators
> will have no visible changes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
