Friday, February 1, 2013

Cassandra Authentication and Authorization


Cassandra Authentication and authorization

By default, authentication is not enabled in Cassandra and anybody can access Cassandra.

Cassandra has a simple authentication & authorization mechanism by extending the below java interfaces.

org.apache.cassandra.auth.IAuthenticator.java
org.apache.cassandra.auth.IAuthority.java

In the source distribution(not in binary distribution) IAuthenticator and IAuthority interfaces are implemented in the SimpleAuthenticator project and it can be easily configurable with Cassandra. 

If you want to have your own authentication and authorization implementation you’re freely allowed to do it by extending the below interfaces.

org.apache.cassandra.auth.IAuthenticator.java
org.apache.cassandra.auth.IAuthority.java


The below steps are used to enable authentication in Cassandra.

1)       Configure cassandra.yaml
2)       Configure access.properties
3)       Configure password.properties and
4)       Cassandra.bat file in bin directory.

  
Step 1: Configure Cassandra.yaml :
           
            Authentication:
           
            Find org.apache.cassandra.auth.AllowAllAuthenticator and it should be replaced with
            org.apache.cassandra.auth.SimpleAuthenticator
           
            Authorization:

Find org.apache.cassandra.auth.AllowAllAuthorizer and it should be replaced with org.apache.cassandra.auth.SimpleAuthorizer
           
Step 2: Configure access.properties
           
            Configure the required user names,keyspace names, column family names with their                              permission level.           
            You can configure the authorization upto column family level in Cassandra.
           
            Configure keyspace permissions:
            <keyspacename>.<permission>=<username>
            murali.<rw>=admin,Cassandra # <rw> means read and write.
            Murali.<ro>=user1 #<ro> mean read only permission.
            By default all the users will have read permission for all the keyspaces. 

            Configure column family permissions:
            <keyspacename>.<columnfamilyname>.<permission>=<username>
            murali.users.<rw>=admin

Step 3: Configure password.properties 
            Add the required user and password in this file.
            <username>=<password>
cassandra = cassandra 

Step 4: Modifying JAVA_OPTS in Cassandra.bat file.
            Add the below lines to the JAVA_OPTS.
             -Dpasswd.properties=conf/passwd.properties
 -Daccess.properties=conf/access.properties

6 comments:

  1. Hi, How can we restrict users not to modify or delete tables from cassandra while conencting from JAVA API or from any other tool. I know it can be done for users who come form CQL commnad line.. is it possible to specify ip address and user/password in the connection method while connecting to Cassandra from JAVA API /ETL etc..

    ReplyDelete
  2. Hi, How can we restrict users not to modify or delete tables from cassandra while conencting from JAVA API or from any other tool. I know it can be done for users who come form CQL commnad line.. is it possible to specify ip address and user/password in the connection method while connecting to Cassandra from JAVA API /ETL etc..

    ReplyDelete
  3. I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in Apache Cassandra.kindly contact us http://www.maxmunus.com/contact
    MaxMunus Offer World Class Virtual Instructor led training on Apache Cassandra. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.

    For Free Demo Contact us:
    Name : Arunkumar U
    Email : arun@maxmunus.com
    Skype id: training_maxmunus
    Contact No.-+91-9738507310
    Company Website –http://www.maxmunus.com


    ReplyDelete
  4. How to Find Username and Password of Cassandra? Contact to Cassandra Technical Support
    Well! If you are new to Cassandra Database and you do not know how to find username and password after installing it from an open source then quickly contact to Cassandra Customer Service or Apache Cassandra Support and easily solve your username and password related issues. Make sure, if it is a fresh installation then tries username Cassandra and password Cassandra, this is the default username and password. Otherwise you may get in touch with Cassandra Database Consulting and Support for quick help.
    For More Info: https://cognegicsystems.com/
    Contact Number: 1-800-450-8670
    Email Address- info@cognegicsystems.com
    Company’s Address- 507 Copper Square Drive Bethel Connecticut (USA) 06801

    ReplyDelete
  5. Considerable article, I found this resource utmost beneficial for everyone,thank you for sharing the thoughts,We at Property Hunters shifted this service to a level much higher than the broker concept. If you willing to purchase property in Qatar please visit us,you can see more details like this article Property for Sale in the Tearl Qatar

    ReplyDelete