Package org.apache.cassandra.auth

Class CassandraCIDRAuthorizer

java.lang.Object

org.apache.cassandra.auth.AbstractCIDRAuthorizer

org.apache.cassandra.auth.CassandraCIDRAuthorizer

All Implemented Interfaces:

ICIDRAuthorizer

public class CassandraCIDRAuthorizer
extends AbstractCIDRAuthorizer

CassandraCIDRAuthorizer is backend for CIDR authorization checks 1, Provides functionality to populate Role to CIDR permisssions cache and 2, Uses CIDR groups mapping cache as backend to lookup CIDR groups of an IP

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.cassandra.auth.ICIDRAuthorizer

ICIDRAuthorizer.CIDRAuthorizerMode

Field Summary

Fields

Modifier and Type	Field	Description
protected static CIDRGroupsMappingCache	cidrGroupsMappingCache
protected static CIDRPermissionsCache	cidrPermissionsCache

Fields inherited from class org.apache.cassandra.auth.AbstractCIDRAuthorizer

cidrAuthorizerMetrics, cidrGroupsMappingManager, cidrPermissionsManager

Constructor Summary

Constructors

Constructor	Description
CassandraCIDRAuthorizer()

Method Summary

Modifier and Type	Method	Description
boolean	hasAccessFromIp(RoleResource role, java.net.InetAddress ipAddress)	Determines does the given role has access from CIDR groups associated with given IP
void	initCaches()	Init caches held by CIDR authorizer
boolean	invalidateCidrPermissionsCache(java.lang.String roleName)	Invalidate given role from CIDR permissions cache
protected boolean	isMonitorMode()
void	loadCidrGroupsCache()	Load CIDR groups mapping cache
java.util.Set<java.lang.String>	lookupCidrGroupsForIp(java.net.InetAddress ip)	Lookup IP in CIDR groups mapping cache
void	setup()

Methods inherited from class org.apache.cassandra.auth.AbstractCIDRAuthorizer

commonSetup, dropCidrPermissionsForRole, getCidrAuthorizerMetrics, getCidrGroupsMappingManager, requireAuthorization, setCidrGroupsForRole, validateConfiguration

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

cidrPermissionsCache

protected static CIDRPermissionsCache cidrPermissionsCache

cidrGroupsMappingCache

protected static CIDRGroupsMappingCache cidrGroupsMappingCache

Constructor Detail

CassandraCIDRAuthorizer

public CassandraCIDRAuthorizer()

Method Detail

setup

public void setup()

initCaches

public void initCaches()

Description copied from interface: ICIDRAuthorizer

Init caches held by CIDR authorizer

invalidateCidrPermissionsCache

public boolean invalidateCidrPermissionsCache(java.lang.String roleName)

Description copied from interface: ICIDRAuthorizer

Invalidate given role from CIDR permissions cache

Parameters:

roleName - role to invalidate

Returns:

returns true if given role found in the cache and invalidated, false otherwise

loadCidrGroupsCache

public void loadCidrGroupsCache()

Description copied from interface: ICIDRAuthorizer

Load CIDR groups mapping cache

lookupCidrGroupsForIp

public java.util.Set<java.lang.String> lookupCidrGroupsForIp(java.net.InetAddress ip)

Description copied from interface: ICIDRAuthorizer

Lookup IP in CIDR groups mapping cache

Parameters:

ip - input IP to lookup CIDR group

Returns:

returns best matching CIDR group for this IP

isMonitorMode

protected boolean isMonitorMode()

hasAccessFromIp

public boolean hasAccessFromIp(RoleResource role,
                               java.net.InetAddress ipAddress)

Description copied from interface: ICIDRAuthorizer

Determines does the given role has access from CIDR groups associated with given IP

Parameters:

role - role to check access

ipAddress - IP of the client

Returns:

returns true if role has access from given IP, false otherwise