DseGSSAPIAuthProvider (Java driver for DataStax Enterprise 1.0.0 API)

java.lang.Object
- com.datastax.driver.dse.auth.DseGSSAPIAuthProvider

All Implemented Interfaces:

AuthProvider

Direct Known Subclasses:

DseAuthProvider
```
public class DseGSSAPIAuthProvider
extends Object
implements AuthProvider
```
AuthProvider that provides GSSAPI authenticator instances for clients to connect to DSE clusters secured with DseAuthenticator.
To create a cluster using this auth provider, declare the following:
```
 Cluster cluster = Cluster.builder()
                          .addContactPoint(hostname)
                          .withAuthProvider(new DseGSSAPIAuthProvider())
                          .build();
 
```
Kerberos Authentication
Keytab and ticket cache settings are specified using a standard JAAS configuration file. The location of the file can be set using the java.security.auth.login.config system property or by adding a login.config.url.n entry in the java.security properties file.
Alternatively a Configuration object can be provided using DseGSSAPIAuthProvider(Configuration) to set the JAAS configuration programmatically.
See the following documents for further details:
1. JAAS Login Configuration File;
2. JAAS Authentication Tutorial for more on JAAS in general.
Authentication using ticket cache
Run kinit to obtain a ticket and populate the cache before connecting. JAAS config:
```
 DseClient {
   com.sun.security.auth.module.Krb5LoginModule required
     useTicketCache=true
     renewTGT=true;
 };
 
```
Authentication using a keytab file
To enable authentication using a keytab file, specify its location on disk. If your keytab contains more than one principal key, you should also specify which one to select.
```
 DseClient {
     com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/path/to/file.keytab"
       principal="user@MYDOMAIN.COM";
 };
 
```
Specifying SASL protocol name
The SASL protocol name used by this auth provider defaults to ""dse"".
Important: the SASL protocol name should match the username of the Kerberos service principal used by the DSE server. This information is specified in the dse.yaml file by the service_principal option under the kerberos_options section, and may vary from one DSE installation to another – especially if you installed DSE with an automated package installer.
For example, if your dse.yaml file contains the following:
```
 kerberos_options:
     ...
     service_principal: cassandra/my.host.com@MY.REALM.COM
 
```
The correct SASL protocol name to use when authenticating against this DSE server is "cassandra".
Should you need to change the SASL protocol name, use one of the methods below:
1. Specify the protocol name via one of the following constructors: DseGSSAPIAuthProvider(String) or DseGSSAPIAuthProvider(Configuration, String);
2. Specify the protocol name with the dse.sasl.protocol system property when starting your application, e.g. -Ddse.sasl.protocol=cassandra.
If a non-null SASL protocol name is provided to the aforementioned constructors, that name takes precedence over the contents of the dse.sasl.protocol system property.
See Also:

Authenticating a DSE cluster with Kerberos

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`DEFAULT_SASL_PROTOCOL_NAME` The default SASL protocol name used by this auth provider.
`static String`	`SASL_PROTOCOL_NAME_PROPERTY` The name of the system property to use to specify the SASL protocol name.

Fields inherited from interface com.datastax.driver.core.AuthProvider
NONE

Constructor Summary

Constructors
Constructor and Description
`DseGSSAPIAuthProvider()` Creates an instance of `DseGSSAPIAuthProvider` with default login configuration options and default SASL protocol name ("dse").
`DseGSSAPIAuthProvider(Configuration loginConfiguration)` Creates an instance of `DseGSSAPIAuthProvider` with the given login configuration and default SASL protocol name ("dse").
`DseGSSAPIAuthProvider(Configuration loginConfiguration, String saslProtocol)` Creates an instance of `DseGSSAPIAuthProvider` with the given login configuration and the given SASL protocol name.
`DseGSSAPIAuthProvider(String saslProtocol)` Creates an instance of `DseGSSAPIAuthProvider` with default login configuration and the given SASL protocol name.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Authenticator`	`newAuthenticator(InetSocketAddress host, String authenticator)` The `Authenticator` to use when connecting to `host`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DEFAULT_SASL_PROTOCOL_NAME
```
public static final String DEFAULT_SASL_PROTOCOL_NAME
```
    The default SASL protocol name used by this auth provider.
    
    See Also:
    
    Constant Field Values
  - SASL_PROTOCOL_NAME_PROPERTY
```
public static final String SASL_PROTOCOL_NAME_PROPERTY
```
    The name of the system property to use to specify the SASL protocol name.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - DseGSSAPIAuthProvider
```
public DseGSSAPIAuthProvider()
```
    Creates an instance of DseGSSAPIAuthProvider with default login configuration options and default SASL protocol name ("dse").
  - DseGSSAPIAuthProvider
```
public DseGSSAPIAuthProvider(Configuration loginConfiguration)
```
    Creates an instance of DseGSSAPIAuthProvider with the given login configuration and default SASL protocol name ("dse").
    
    Parameters:
    
    loginConfiguration - The login configuration to use to create a LoginContext.
  - DseGSSAPIAuthProvider
```
public DseGSSAPIAuthProvider(String saslProtocol)
```
    Creates an instance of DseGSSAPIAuthProvider with default login configuration and the given SASL protocol name.
    
    Parameters:
    
    saslProtocol - The SASL protocol name to use; should match the username of the Kerberos service principal used by the DSE server.
  - DseGSSAPIAuthProvider
```
public DseGSSAPIAuthProvider(Configuration loginConfiguration,
                             String saslProtocol)
```
    Creates an instance of DseGSSAPIAuthProvider with the given login configuration and the given SASL protocol name.
    
    Parameters:
    
    loginConfiguration - The login configuration to use to create a LoginContext.
    
    saslProtocol - The SASL protocol name to use; should match the username of the Kerberos service principal used by the DSE server.
- Method Detail
  - newAuthenticator
```
public Authenticator newAuthenticator(InetSocketAddress host,
                                      String authenticator)
                               throws AuthenticationException
```
    Description copied from interface: AuthProvider
    
    The Authenticator to use when connecting to host
    
    Specified by:
    
    newAuthenticator in interface AuthProvider
    
    Parameters:
    
    host - the Cassandra host to connect to.
    
    authenticator - the configured authenticator on the host.
    
    Returns:
    
    The authentication implementation to use.
    
    Throws:
    
    AuthenticationException

Class DseGSSAPIAuthProvider

Kerberos Authentication

Authentication using ticket cache

Authentication using a keytab file

Specifying SASL protocol name

Field Summary

Fields inherited from interface com.datastax.driver.core.AuthProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DEFAULT_SASL_PROTOCOL_NAME

SASL_PROTOCOL_NAME_PROPERTY

Constructor Detail

DseGSSAPIAuthProvider

DseGSSAPIAuthProvider

DseGSSAPIAuthProvider

DseGSSAPIAuthProvider

Method Detail

newAuthenticator