accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Mello (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly
Date Wed, 22 Jul 2015 22:39:04 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14637779#comment-14637779
] 

James Mello commented on ACCUMULO-3939:
---------------------------------------

||Action||Log Success||Log Failure||
|User Login| Y | Y |
|User Logout| N | N |
|Get User Authorizations| Y | Y |
|Change User Authorizations | Y | Y |
|Change User Password| Y | Y |
|Create User| Y | Y |
|Drop User| Y | Y |
|Grant SYSTEM Permissions| Y | Y |
|Grant TABLE Permissions| Y | Y |
|Revoke SYSTEM Permissions| Y | Y |
|Revoke TABLE Permissions| Y | Y |
|Create Table| N | Y |
|Drop Table| Y | Y |
|Rename Table| N | Y |
|Clone Table| N | Y |
|Compact Table | ? | Y |
|Merge Table | ? | Y |
|Offline Table | | Y |
|Online Table | | Y |

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>         Attachments: ACCUMULO-3939.patch, generic_logger.xml
>
>
> While reading the source I found out that the AuditedSecurityOperation is never initialized
properly.
> The AuditSecurityOperation does not contain a getInstance() static method. This in turn
just calls the SecurityOperation getInstance() method. Because this is called in a static
manner the getInstance(String instanceId, boolean initialize) is called against the SecurityOperation
class not the AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the AuditedSecurityOperation
class.
> This is critical as we are in need of this security auditing to meet Information Assurance
requirements for an upcoming major release of our software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message