accumulo-notifications mailing list archives

From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly
Date Tue, 21 Jul 2015 01:25:04 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14634377#comment-14634377 ]

Josh Elser commented on ACCUMULO-3939:
--------------------------------------

So, in other words, you're saying that auditing of security operations doesn't actually happen?
Seems odd, I was fairly certain we had tests for this. I remember specifically testing this
back in the 1.5.1 timeframe. I'd be surprised if we changed anything surrounding this since
then, but it's certainly possible.

Copying what the code appears to be doing now does seem to indicate that it wouldn't work,
but I'm not 100% convinced I did a completely valid verification.

Can you please verify that you are in fact not seeing audit messages when you configure the
auditing? (change the level in auditLog.xml to INFO from OFF)

If this is broken, we can look at rolling a 1.5.4 right away since our last poll of the community
via the mailing lists indicated no one was looking for more bug fix releases on 1.5.

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>
> While reading the source I found out that the AuditedSecurityOperation is never initialized properly.
> The AuditSecurityOperation does not contain a getInstance() static method. This in turn just calls the SecurityOperation getInstance() method. Because this is called in a static manner the getInstance(String instanceId, boolean initialize) is called against the SecurityOperation class not the AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the AuditedSecurityOperation class.
> This is critical as we are in need of this security auditing to meet Information Assurance requirements for an upcoming major release of our software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
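
The static-dispatch behaviour the reporter describes, as an added example that is not part of the original message and is not Accumulo source. The classes are simplified stand-ins that reuse the names from the issue; `StaticDispatchDemo`, `FixedAuditedSecurityOperation`, `authenticateUser`, `AUDIT_LOG` and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified stand-ins for the classes named in the issue (assumption, not Accumulo code).
public class StaticDispatchDemo {
    static final List<String> AUDIT_LOG = new ArrayList<>();

    static class SecurityOperation {
        // Static methods are inherited but never overridden: a call written as
        // AuditedSecurityOperation.getInstance(...) is bound to this method at compile time.
        static SecurityOperation getInstance(String instanceId, boolean initialize) {
            return new SecurityOperation();
        }
        boolean authenticateUser(String user) { return true; }
    }

    // "Before": the auditing subclass has no getInstance() of its own.
    static class AuditedSecurityOperation extends SecurityOperation {
        @Override
        boolean authenticateUser(String user) {
            AUDIT_LOG.add("authenticate user=" + user); // audit record (hypothetical format)
            return super.authenticateUser(user);
        }
    }

    // "After": the fix proposed in the issue, a static getInstance() that hides the parent's.
    static class FixedAuditedSecurityOperation extends AuditedSecurityOperation {
        static SecurityOperation getInstance(String instanceId, boolean initialize) {
            return new FixedAuditedSecurityOperation();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: "test-instance" and "alice".
        SecurityOperation before = AuditedSecurityOperation.getInstance("test-instance", false);
        before.authenticateUser("alice");
        System.out.println(before.getClass().getSimpleName() + " audit entries: " + AUDIT_LOG.size());

        SecurityOperation after = FixedAuditedSecurityOperation.getInstance("test-instance", false);
        after.authenticateUser("alice");
        System.out.println(after.getClass().getSimpleName() + " audit entries: " + AUDIT_LOG.size());

        // Regression check: the object actually handed out must be the auditing type.
        if (before instanceof AuditedSecurityOperation) throw new AssertionError("unexpected audited instance");
        if (!(after instanceof AuditedSecurityOperation)) throw new AssertionError("audit wrapper missing");
    }
}
```

A runtime-type assertion like the last two lines is the kind of test that distinguishes "auditing is configured" from "the auditing class is the one actually in use".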
