security feature in hector

[david]

hi

is there a security feature implemented in hector?
cassandra has a built-in SimpleAuthority class for client
authentication
& i wasn't able to find the similar class in hector

many thanx~
david

[Sameer Farooqui]

I was wondering the same thing.

Also, if it's not possible in the current version of Hector... has
anybody successfully used SimpleAuthority with Cassandra Query
Language?

CQL: http://crlog.info/2011/03/29/cassandra-query-language-aka-cql-syntax

On May 12, 1:57 am, david <iecan...@gmail.com> wrote:
> hi
>
> is there a security feature implemented in hector?

> cassandra has a built-inSimpleAuthorityclass for client

[Nate McCall]

HFactory#createKeyspace has an overloaded form that takes a
"credentials" Map as the last argument.

You can play around with authentication in CQL pretty easily. Take a
look at the authentication setup in JdbcDriverTest in Cassandra source
(drivers/java/test folder).

Caveat: if there is no authentication configured on the keyspace, the
auth parameters in the jdbc url are ignored.

[Sameer Farooqui]

I am trying to test out the SimpleAuthority feature and am running
into a problem when I do the write from Hector. I have already made
the changes to the Access/Passwd properties and YAML files. Here is
the error I get in Eclipse:

Exception in thread "main"
me.prettyprint.hector.api.exceptions.HectorException:
AuthenticationException(why:Authentication request was missing the
required key 'username')
at
me.prettyprint.cassandra.service.ExceptionsTranslatorImpl.translate(ExceptionsTranslatorImpl.java:
58)
at
me.prettyprint.cassandra.connection.HConnectionManager.operateWithFailover(HConnectionManager.java:
230)

Caused by: AuthenticationException(why:Authentication request was
missing the required key 'username')
at org.apache.cassandra.thrift.Cassandra
$login_result.read(Cassandra.java:4217)
at org.apache.cassandra.thrift.Cassandra
$Client.recv_login(Cassandra.java:412)


Looking at HFactory.java it looks like the createKeyspace method
expects the username and password to be passed in as a Map of strings:
public static Keyspace createKeyspace(String keyspace, Cluster
cluster,
ConsistencyLevelPolicy consistencyLevelPolicy,
FailoverPolicy failoverPolicy, Map<String, String> credentials)
{
return new ExecutingKeyspace(keyspace,
cluster.getConnectionManager(),
consistencyLevelPolicy, failoverPolicy, credentials);
}

(from https://github.com/rantav/hector/blob/master/core/src/main/java/me/prettyprint/hector/api/factory/HFactory.java)


Here is how I'm creating the cluster, Map and keyspace objects:

Cluster cluster = HFactory.getOrCreateCluster("Demo_Cluster_beta1",
"darknet.compute-1.amazonaws.com:9160");

Map AccessMap = new HashMap();
AccessMap.put("hal", "nodave");

Keyspace keyspace = HFactory.createKeyspace("MDR", cluster, new
AllOneConsistencyLevelPolicy(),
FailoverPolicy.ON_FAIL_TRY_ALL_AVAILABLE, AccessMap);

I'm guessing my syntax is incorrect...

Any ideas on what I can change in the Map to make this work?

- Sameer

On May 12, 10:22 am, Nate McCall <n...@datastax.com> wrote:
> HFactory#createKeyspace has an overloaded form that takes a
> "credentials" Map as the last argument.
>
> You can play around with authentication in CQL pretty easily. Take a
> look at the authentication setup in JdbcDriverTest in Cassandra source
> (drivers/java/test folder).
>
> Caveat: if there is no authentication configured on the keyspace, the
> auth parameters in the jdbc url are ignored.
>
> On Thu, May 12, 2011 at 12:07 PM, Sameer Farooqui
>
>
>
>
>
>
>
> <cassandral...@gmail.com> wrote:
> > I was wondering the same thing.
>
> > Also, if it's not possible in the current version of Hector... has

> > anybody successfully usedSimpleAuthoritywith Cassandra Query

[Nate McCall]

I think the map needs to contain 'username' and 'password' as keys
with the values set as such.

[Sameer Farooqui]

Thanks for the quick response, Nate.

I just tried this:

Map AccessMap = new HashMap();

AccessMap.put("username", "hal");
AccessMap.put("password", "nodave");

Keyspace keyspace = HFactory.createKeyspace("MDR", cluster, new
AllOneConsistencyLevelPolicy(),
FailoverPolicy.ON_FAIL_TRY_ALL_AVAILABLE, AccessMap);

..and now I get a different error:
Exception in thread "main"
me.prettyprint.hector.api.exceptions.HectorTransportException:
org.apache.thrift.protocol.TProtocolException: Required field 'value'
was not present! Struct: Column(name:52 65 61 64 69 6E 67 30,
value:null, timestamp:1305580785994000)
at
me.prettyprint.cassandra.service.ExceptionsTranslatorImpl.translate(ExceptionsTranslatorImpl.java:
30)

Caused by: org.apache.thrift.protocol.TProtocolException: Required
field 'value' was not present! Struct: Column(name:52 65 61 64 69 6E
67 30, value:null, timestamp:1305580785994000)
at org.apache.cassandra.thrift.Column.validate(Column.java:647)
at org.apache.cassandra.thrift.Column.write(Column.java:582)

It looks like the createKeyspace method, just creates a new object for
ExecutingKeyspace. I looked at ExecutingKeyspace.java at the link
below but don't see anything in the class for the credentials.

https://github.com/springpartners/hector/blob/75c187c1217551f44278e0aa565e7a883c64cf20/src/main/java/me/prettyprint/cassandra/model/ExecutingKeyspace.java


Can you help solve what I may be doing incorrectly?

[Nate McCall]

This looks sorta different: you sent a column off for insertion with
the name "Reading1" with no value.

If you got this far, you have already acquired the keyspace and
successfully authenticated to such.

[Sameer Farooqui]

Ahh, you're right. I had a bug in my write code. Hector's connection
using SimpleAuthority worked correctly.

If anybody else is having trouble connecting, this is indeed the
correct way to create the HashMap():

Map AccessMap = new HashMap();
AccessMap.put("username", "hal");
AccessMap.put("password", "nodave");

- Sameer

> >https://github.com/springpartners/hector/blob/75c187c1217551f44278e0a...

[Nate McCall]

Cool - thanks for the summary!