Package org.apache.cassandra.auth

Interface IInternodeAuthenticator

All Known Implementing Classes:

AllowAllInternodeAuthenticator, MutualTlsInternodeAuthenticator

public interface IInternodeAuthenticator

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	IInternodeAuthenticator.InternodeConnectionDirection	Enum that represents connection type of internode connection.

Method Summary

Modifier and Type	Method	Description
default boolean	authenticate(java.net.InetAddress remoteAddress, int remotePort)	Deprecated. See CASSANDRA-17661
default boolean	authenticate(java.net.InetAddress remoteAddress, int remotePort, java.security.cert.Certificate[] certificates, IInternodeAuthenticator.InternodeConnectionDirection connectionType)	Decides whether a peer is allowed to connect to this node.
default void	setupInternode()	Setup is called once upon system startup to initialize the IAuthenticator.
void	validateConfiguration()	Validates configuration of IInternodeAuthenticator implementation (if configurable).

Method Detail

authenticate

@Deprecated(since="5.0")
default boolean authenticate(java.net.InetAddress remoteAddress,
                             int remotePort)

Deprecated.

See CASSANDRA-17661

Decides whether or not a peer is allowed to connect to this node. If this method returns false, the socket will be immediately closed.

Parameters:

remoteAddress - ip address of the connecting node.

remotePort - port of the connecting node.

Returns:

true if the connection should be accepted, false otherwise.

authenticate

default boolean authenticate(java.net.InetAddress remoteAddress,
                             int remotePort,
                             java.security.cert.Certificate[] certificates,
                             IInternodeAuthenticator.InternodeConnectionDirection connectionType)

Decides whether a peer is allowed to connect to this node. If this method returns false, the socket will be immediately closed.

Default implementation calls authenticate method by IP and port method

1. If it is IP based authentication ignore the certificates & connectionType parameters in the implementation of this method. 2. For certificate based authentication like mTLS, server's identity for outbound connections is verified by the trusted root certificates in the outbound_keystore. In such cases this method may be overridden to return true when certificateType is OUTBOUND, as the authentication of the server happens during SSL Handshake.

Parameters:

remoteAddress - ip address of the connecting node.

remotePort - port of the connecting node.

certificates - peer certificates

connectionType - If the connection is inbound/outbound connection.

Returns:

true if the connection should be accepted, false otherwise.

validateConfiguration

void validateConfiguration()
                    throws ConfigurationException

Validates configuration of IInternodeAuthenticator implementation (if configurable).

Throws:

ConfigurationException - when there is a configuration error.

setupInternode

default void setupInternode()

Setup is called once upon system startup to initialize the IAuthenticator. For example, use this method to do any required initialization of the class.