osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication with Java driver


Thanks Andrew, Ben,

My application creates a lot of instances connecting to Cassandra with basically the same set of credentials.
After an instance connects to Cassandra with the credentials, can any instance connect to Cassandra without credentials?

== example ==
A first = new A("database", "user", "password");  // proper credentials
r = first.get();
...
A other = new A("database", "user", "pass"); // wrong password
r = other.get();
== example ==

I want to refuse the `other` instance with improper credentials.

Yuji
 

On Wed, Feb 8, 2017 at 4:11 AM, Ben Bromhead <ben@xxxxxxxxxxxxxxx> wrote:
What are you specifically trying to achieve? Are you trying to authenticate multiple Cassandra users from a single application instance? Or will your have lot's of application instances connecting to Cassandra using the same set of credentials? Or a combination of both? Multiple application instances with different credentials?

On Tue, 7 Feb 2017 at 06:19 Andrew Tolbert <andrew.tolbert@xxxxxxxxxxxx> wrote:
Hello,

The API seems kind of not correct because credentials should be
usually set with a session but actually they are set with a cluster.

With the datastax driver, Session is what manages connection pools to each node.  Cluster manages configuration and a separate connection ('control connection') to subscribe to state changes (schema changes, node topology changes, node up/down events).


So, if there are 1000 clients, then with this API it has to create
1000 cluster instances ?

I'm unsure how common it is for per-user authentication to be done when connecting to the database.  I think an application would normally authenticate with one set of credentials instead of multiple.  The protocol Cassandra uses does authentication at the connection level instead of at the request level, so that is currently a limitation to support something like reusing Sessions for authenticating multiple users.

Thanks,
Andy
 

On Tue, Feb 7, 2017 at 7:19 AM Hiroyuki Yamada <mogwaing@xxxxxxxxx> wrote:
Hi,

The API seems kind of not correct because credentials should be
usually set with a session but actually they are set with a cluster.

So, if there are 1000 clients, then with this API it has to create
1000 cluster instances ?
1000 clients seems usual if there are many nodes (say 20) and each
node has some concurrency (say 50),
but 1000 cluster instances seems too many.

Is this an expected way to do this ? or
Is there any way to authenticate per session ?

Thanks,
Hiro

On Tue, Feb 7, 2017 at 11:38 AM, Yuji Ito <yuji@xxxxxxxxxxxxxxx> wrote:
> Hi all,
>
> I want to know how to authenticate Cassandra users for multiple instances
> with Java driver.
> For instance, each thread creates a instance to access Cassandra with
> authentication.
>
> As the implementation example, only the first constructor builds a cluster
> and a session.
> Other constructors use them.
> This example is implemented according to the datastax document: "Basically
> you will want to share the same cluster and session instances across your
> application".
> http://www.datastax.com/dev/blog/4-simple-rules-when-using-the-datastax-drivers-for-cassandra
>
> However, other constructors don't authenticate the user and the password.
> That's because they don't need to build a cluster and a session.
>
> So, should I create a cluster and a session per instance for the
> authentication?
> If yes, can I create a lot of instances(clusters and sessions) to access C*
> concurrently?
>
> == example ==
> public class A {
>   private static Cluster cluster = null;
>   private static Map<String, Session> sessions = null;
>   private Session session;
>
>   public A (String keyspace, String user, String password) {
>     if (cluster == null) {
>         builder = Cluster.builder();
>         ...
>         builder = builder.withCredentials(user, password);
>         cluster = builder.build();
>     }
>     session = sessions.get(keyspace);
>     if (session == null) {
>         session = cluster.connection(keyspace);
>         sessions.put(keyspace, session)
>     }
>     ...
>   }
>   ...
>   public ResultSet update(...) {
>   ...
>   public ResultSet get(...) {
>   ...
> }
> == example ==
>
> Thanks,
> Yuji
--
Ben Bromhead
CTO | Instaclustr
Managed Cassandra / Spark on AWS, Azure and Softlayer