cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michał Michalski (JIRA) <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-4933) SimpleAuthority is incompatible with new Permissions and "resources lists"
Date Thu, 08 Nov 2012 14:17:12 GMT
Michał Michalski created CASSANDRA-4933:
-------------------------------------------

             Summary: SimpleAuthority is incompatible with new Permissions and "resources
lists"
                 Key: CASSANDRA-4933
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4933
             Project: Cassandra
          Issue Type: Bug
         Environment: Previously 1.1.0 + Authentication patch CASSANDRA-4155 (working).
Currently: 1.1.6 (not working)
            Reporter: Michał Michalski
            Assignee: Michał Michalski
            Priority: Trivial


Commit aba5a37650232dbf10b505c04b257f73b6c9b579 by Pavel Yaskevich introduced some significant
changes in Permissions system. Except new permission types, also resource hierarchy has changed
- previously creating a keyspace was requesting for for WRITE permission for /cassandra/keyspaces.
Now it requests for CREATE permission for /cassandra/keyspaces/<new-keyspace-name>.
This change brakes the SimpleAuthority code that relies on the length of the resource list
which differs now - we cannot distinguish operations that modify keyspaces (perviously: resource
list of length 2; currently: 3) from these ones that read it or so (resource list of length
3).


I've prepared a patch that fixes it in the way that I understand it should work now (comment
in 1.1.6's IAuthority.java is out of date and refers to old READ/WRITE permissions only).



Yes, I know that SimpleAuth(enticator/ority) are deprecated, should not be used in production
and so on, but even if they are unsufficient as a protection from external threats, they're
still good enough in our case as a very basic protection from accidental changes made by developers
;) 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message