Package org.apache.cassandra.auth
Interface IInternodeAuthenticator
All Known Implementing Classes:
AllowAllInternodeAuthenticator, MutualTlsInternodeAuthenticator

public interface IInternodeAuthenticator

Nested Class Summary
Modifier and Type / Interface / Description

static class
IInternodeAuthenticator.InternodeConnectionDirection
Enum that represents connection type of internode connection.

Method Summary
Modifier and Type / Method / Description

default boolean
authenticate(java.net.InetAddress remoteAddress, int remotePort)
Deprecated. See CASSANDRA-17661

default boolean
authenticate(java.net.InetAddress remoteAddress, int remotePort, java.security.cert.Certificate[] certificates, IInternodeAuthenticator.InternodeConnectionDirection connectionType)
Decides whether a peer is allowed to connect to this node.

default void
setupInternode()
Setup is called once upon system startup to initialize the IAuthenticator.

void
validateConfiguration()
Validates configuration of IInternodeAuthenticator implementation (if configurable).

Method Detail
authenticate
@Deprecated(since="5.0") default boolean authenticate(java.net.InetAddress remoteAddress, int remotePort)
Deprecated. See CASSANDRA-17661
Decides whether or not a peer is allowed to connect to this node. If this method returns false, the socket will be immediately closed.
Parameters:
remoteAddress - IP address of the connecting node.
remotePort - port of the connecting node.
Returns:
true if the connection should be accepted, false otherwise.

authenticate
default boolean authenticate(java.net.InetAddress remoteAddress, int remotePort, java.security.cert.Certificate[] certificates, IInternodeAuthenticator.InternodeConnectionDirection connectionType)
Decides whether a peer is allowed to connect to this node. If this method returns false, the socket will be immediately closed.
The default implementation calls the authenticate method that takes only the IP address and port.
1. For IP-based authentication, ignore the certificates and connectionType parameters in the implementation of this method.
2. For certificate-based authentication such as mTLS, the server's identity for outbound connections is verified against the trusted root certificates in the outbound_keystore. In such cases this method may be overridden to return true when connectionType is OUTBOUND, because the server is authenticated during the SSL handshake.
Parameters:
remoteAddress - IP address of the connecting node.
remotePort - port of the connecting node.
certificates - peer certificates.
connectionType - whether the connection is inbound or outbound.
Returns:
true if the connection should be accepted, false otherwise.

validateConfiguration
void validateConfiguration() throws ConfigurationException
Validates configuration of IInternodeAuthenticator implementation (if configurable).
Throws:
ConfigurationException - when there is a configuration error.

setupInternode
default void setupInternode()
Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to do any required initialization of the class.
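
The following is an added example, not code from Cassandra or from this page: a certificate-based implementation of the four-argument authenticate method that enforces an identity allow-list on inbound connections and fails closed. The class name, the URI subjectAltName policy and the sample identity are assumptions made for illustration, and it assumes the peer's own certificate is the first element of the array; it compiles against the Cassandra jar.

```java
import java.net.InetAddress;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.apache.cassandra.auth.IInternodeAuthenticator;
import org.apache.cassandra.exceptions.ConfigurationException;

// Hypothetical class: accepts an inbound peer only if its leaf certificate
// carries a URI subjectAltName that is on a fixed allow-list.
public class UriSanInternodeAuthenticator implements IInternodeAuthenticator {
    private static final int SAN_TYPE_URI = 6; // GeneralName tag: uniformResourceIdentifier
    // Constructed sample identity; a real deployment would load this from configuration.
    private final Set<String> allowed = Set.of("spiffe://cluster.example/cassandra/node");

    @Override
    public boolean authenticate(InetAddress remoteAddress, int remotePort,
                                Certificate[] certificates, InternodeConnectionDirection connectionType) {
        // Only inbound peers are checked here. For outbound connections the server
        // is verified against the trusted roots during the TLS handshake.
        if (connectionType != InternodeConnectionDirection.INBOUND)
            return true;
        // Fail closed: a missing chain or a non-X.509 leaf is rejected, never waved through.
        if (certificates == null || certificates.length == 0 || !(certificates[0] instanceof X509Certificate))
            return false;
        try {
            Collection<List<?>> sans = ((X509Certificate) certificates[0]).getSubjectAlternativeNames();
            if (sans == null)
                return false; // certificate has no subjectAltName extension
            for (List<?> san : sans) // each entry is [Integer type, Object value]
                if (san.get(0).equals(SAN_TYPE_URI) && allowed.contains(san.get(1)))
                    return true;
            return false;
        } catch (CertificateParsingException e) {
            return false; // unparseable extension: reject rather than fall back to IP checks
        }
    }

    @Override
    public void validateConfiguration() throws ConfigurationException {
        if (allowed.isEmpty())
            throw new ConfigurationException("no allowed internode peer identities configured");
    }
}
```

Because the deprecated two-argument method is not overridden and the four-argument method never delegates to it, the peer's IP address and port play no part in the decision.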