cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Folke Behrens (JIRA)" <>
Subject [jira] Updated: (CASSANDRA-1237) Store AccessLevels externally to IAuthenticator
Date Thu, 29 Jul 2010 18:25:17 GMT


Folke Behrens updated CASSANDRA-1237:

    Attachment: simple-jaas-authenticator.patch

I'm sorry I deleted my patch too early. I wanted to open a new ticket but when I looked over
my code I thought that it's not ready and I want to work on it over the weekend.

The attached patch adds several classes:
- +JAASAuthenticator:+ an IAuthenticator implemention that uses a LoginContext to request
authentication against configured LoginModules. Very simple stuff.
- +SimpleLoginModule:+ LoginModule impl that could replace SimpleAuthenticator.
- +SimpleLoginModuleConfiguration:+ programmatic configuration of LoginModules.
- +User/Group:+ implementations of added by SimpleLoginModule to the
Subject that is passed from the LoginContext to all configured LoginModules.

This is only proof-of-concept code. I hope I have something cleaner and more robust ready
by Sunday.

> Store AccessLevels externally to IAuthenticator
> -----------------------------------------------
>                 Key: CASSANDRA-1237
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: Stu Hood
>            Assignee: Stu Hood
>             Fix For: 0.7 beta 1
>         Attachments: 0001-Consolidate-KSMetaData-mutations-into-copy-methods.patch, 0002-Thrift-and-Avro-interface-changes.patch,
0003-Add-user-and-group-access-maps-to-Keyspace-metadata.patch, 0004-Remove-AccessLevel-return-value-from-login-and-retur.patch,
sample-usage.patch, simple-jaas-authenticator.patch
> Currently, the concept of authentication (proving the identity of a user) is mixed up
with permissions (determining whether a user is able to create/read/write databases). Rather
than determining the permissions that a user has, the IAuthenticator should only be capable
of authenticating a user, and permissions (specifically, an AccessLevel) should be stored
consistently by Cassandra.
> The primary goal of this ticket is to separate AccessLevels from IAuthenticators, and
to persist a map of User->AccessLevel along with:
> * EDIT: Separating the addition of 'global scope' permissions into a separate ticket
> * each keyspace, where the AccessLevel continues to have its current meaning
> ----
> In separate tickets, we would like to improve the AccessLevel structure so that it can
store role/permission bits independently, rather than being level based.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message