accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly
Date Wed, 22 Jul 2015 22:26:04 GMT


Christopher Tubbs commented on ACCUMULO-3939:

Patch looks okay. Might generate a findbugs warning due to name shadowing of the method name.
Just need to add an exception to findbugs if it does.

The larger question is whether we should do a release of 1.5.4 to implement this fix for 1.5.
We'll probably want to discuss that on the mailing list, but one question I have, which might
help inform that conversation:

* Is there a workaround? (for example, can audit logs be controlled with regular log4j initialization?)

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>                 Key: ACCUMULO-3939
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>         Attachments: ACCUMULO-3939.patch, generic_logger.xml
> While reading the source I found out that the AuditedSecurityOperation is never initialized
> The AuditSecurityOperation does not contain a getInstance() static method. This in turn
just calls the SecurityOperation getInstance() method. Because this is called in a static
manner the getInstance(String instanceId, boolean initialize) is called against the SecurityOperation
class not the AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the AuditedSecurityOperation
> This is critical as we are in need of this security auditing to meet Information Assurance
requirements for an upcoming major release of our software.

This message was sent by Atlassian JIRA

View raw message