Astyanax和Cassandra之间的安全通信

Question

有没有人想出一种方法来保护Cassandra和Astyanax客户端之间的通信？ SSL最好能够做到客户端证书身份验证+加密...

Answer 1

我会假设你已经启用了SSL的卡桑德拉和具有密钥库文件，如果没有充分博客上enabling SSL in Astyanax here.

当您构建Keyspace上下文时，您需要将密钥库文件和密码传递给Astyanax：

AstyanaxContext<Keyspace> ctx = new AstyanaxContext.Builder() 
    .forKeyspace("MyKeyspace") 
    // Config parameters 
    .withConnectionPoolConfiguration(
     new com.netflix.astyanax.connectionpool.impl.ConnectionPoolConfigurationImpl("MyConnectionPool") 
     .setSeeds("127.0.0.1") 
     .setSSLConnectionContext(
      new SSLConnectionContext(
      "/path/to/certificate/cassandra_external_trust.jks", // tell Astyanax the fully qualified path to the keystore file C* is using 
      "somePassword")))         // supply the keystore file's password too 
    .buildKeyspace(ThriftFamilyFactory.getInstance()); 
ctx.start();