Michał Michalski created CASSANDRA-4933:
-------------------------------------------
Summary: SimpleAuthority is incompatible with new Permissions and "resources
lists"
Key: CASSANDRA-4933
URL: https://issues.apache.org/jira/browse/CASSANDRA-4933
Project: Cassandra
Issue Type: Bug
Environment: Previously 1.1.0 + Authentication patch CASSANDRA-4155 (working).
Currently: 1.1.6 (not working)
Reporter: Michał Michalski
Assignee: Michał Michalski
Priority: Trivial
Commit aba5a37650232dbf10b505c04b257f73b6c9b579 by Pavel Yaskevich introduced some significant
changes in Permissions system. Except new permission types, also resource hierarchy has changed
- previously creating a keyspace was requesting for for WRITE permission for /cassandra/keyspaces.
Now it requests for CREATE permission for /cassandra/keyspaces/<new-keyspace-name>.
This change brakes the SimpleAuthority code that relies on the length of the resource list
which differs now - we cannot distinguish operations that modify keyspaces (perviously: resource
list of length 2; currently: 3) from these ones that read it or so (resource list of length
3).
I've prepared a patch that fixes it in the way that I understand it should work now (comment
in 1.1.6's IAuthority.java is out of date and refers to old READ/WRITE permissions only).
Yes, I know that SimpleAuth(enticator/ority) are deprecated, should not be used in production
and so on, but even if they are unsufficient as a protection from external threats, they're
still good enough in our case as a very basic protection from accidental changes made by developers
;)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|