com.datastax.driver.core

Interface Authenticator

All Known Implementing Classes:

KerberosAuthenticator

public interface Authenticator

Handles SASL authentication with Cassandra servers.

Each time a new connection is created and the server requires authentication, a new instance of this class will be created by the corresponding AuthProvider to handle that authentication. The lifecycle of that new Authenticator will be:

1. The initialResponse method will be called. The initial return value will be sent to the server to initiate the handshake.
2. The server will respond to each client response by either issuing a challenge or indicating that the authentication is complete (successfully or not). If a new challenge is issued, the authenticator evaluateChallenge method will be called to produce a response that will be sent to the server. This challenge/response negotiation will continue until the server responds that authentication is successful (or an AuthenticationException is raised).
3. When the server indicates that authentication is successful, the onAuthenticationSuccess method will be called with the last information that the server may optionally have sent.

The exact nature of the negotiation between client and server is specific to the authentication mechanism configured server side.

Method Summary

Modifier and Type	Method and Description
byte[]	evaluateChallenge(byte[] challenge) Evaluate a challenge received from the Server.
byte[]	initialResponse() Obtain an initial response token for initializing the SASL handshake
void	onAuthenticationSuccess(byte[] token) Called when authentication is successful with the last information optionally sent by the server.

Method Detail

initialResponse

byte[] initialResponse()

Obtain an initial response token for initializing the SASL handshake

Returns:

the initial response to send to the server, may be null

evaluateChallenge

byte[] evaluateChallenge(byte[] challenge)

Evaluate a challenge received from the Server. Generally, this method should return null when authentication is complete from the client perspective

Parameters:

challenge - the server's SASL challenge

Returns:

updated SASL token, may be null to indicate the client requires no further action

onAuthenticationSuccess

void onAuthenticationSuccess(byte[] token)

Called when authentication is successful with the last information optionally sent by the server.

Parameters:

token - the information sent by the server with the authentication successful message. This will be null if the server sends no particular information on authentication success.