Revision as of 20:52, November 23, 2016 by KrisMcG (talk | contribs) (Configure Cassandra)
Jump to: navigation, search

Cassandra authentication

Web Services supports Cassandra authentication.

Configure Cassandra

Procedure

  1. Change the authenticator option in the cassandra.yaml to PasswordAuthenticator. By default, the authenticator option is set to AllowAllAuthenticator.
authenticator: PasswordAuthenticator
  1. Increase the replication factor for the system_auth keyspace to N (number of nodes). If you use the default, 1, and the node with the lone replica goes down, you will not be able to log into the cluster because the system_auth keyspace was not replicated.
  2. Restart the Cassandra client. The default superuser name and password that you use to start the client is stored in Cassandra.
<client startup string> -u cassandra -p cassandra
  1. Start cqlsh using the superuser name and password.
./cqlsh -u cassandra -p cassandra
  1. Create another superuser, not named cassandra. This step is optional but highly recommended.
  2. Log in as that new superuser.
  3. Change the cassandra user password to something long and incomprehensible, and then forget about it. It won't be used again.
  4. Take away the cassandra user's superuser status.
  5. Use the CQL statements listed previously to set up user accounts and then grant permissions to access the database objects.

Web Services configuration

To support Cassandra authentication appropriate credentials should be provided to application.yaml 

cassandraCluster:
  thrift_port: 9160
  jmx_port: 7199
  keyspace: sipfs
  ...
  userName: <super user name>
  password: <super user password>
  ...

To save backward compatible behavior if userName and/or password is not provided GWS will try to connect to Cassandra in anonymous way.

Implementation

In CassandraClusterHA class inside initCluster method ConnectionPoolConfigurationImpl object instance should be extended in following way: 

ConnectionPoolConfigurationImpl connectionPoolConfiguration = new ConnectionPoolConfigurationImpl("myConnection")
	.setPort(cassandraClusterSettings.getThriftPort())
	.setMaxConnsPerHost(cassandraClusterSettings.getMaxConnectionsPerHost())
	.setMaxConns(cassandraClusterSettings.getMaxConnections())
	.setMaxPendingConnectionsPerHost(cassandraClusterSettings.getMaxPendingConnectionsPerHost())
	.setMaxBlockedThreadsPerHost(cassandraClusterSettings.getMaxBlockedThreadsPerHost());
			
if (StringUtils.isNotBlank(cassandraClusterSettings.getUserName()) &&
	StringUtils.isNotBlank(cassandraClusterSettings.getPassword()))
{
	connectionPoolConfiguration.setAuthenticationCredentials(
		new SimpleAuthenticationCredentials(cassandraClusterSettings.getUserName(), cassandraClusterSettings.getPassword()));
}
Comments or questions about this documentation? Contact us for support!