cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-4295) move checkaccess into statement.prepare
Date Fri, 13 Jul 2012 10:44:34 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-4295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13413649#comment-13413649
] 

Sylvain Lebresne commented on CASSANDRA-4295:
---------------------------------------------

The current {{IAuthority}} API is:
{noformat}
public EnumSet<Permission> authorize(AuthenticatedUser user, List<Object> resource);
{noformat}

What about changing that to something like:
{noformat}
public interface PermissionToken {}

public Pair<EnumSet<Permission>, PermissionToken> authorize(AuthenticatedUser
user, List<Object> resource);
public boolean isStillValid(PermissionToken token);
{noformat}
The semantic being that authorize would give us a token (every implementation could make that
be whatever they want) and {{isStillValid}} would validate whether the authorization that
returned the token is still valid at the time of the call to {{isStillValid}}.

Implementations that don't want to get fancy could just return null as the token and have
{{isStillValid}} return either:
- always true if an authorization is valid indefinitely
- always false to force redoing an authorization every time

And more fancier policy (like authorization is valid for X minutes only, ...) can be easily
implemented too.

Then in CQL we would call authorize during preparation and keep the token around, and during
execution we would check the validity of the token and redo the authorization only if it's
not valid anymore. It does complicate think a bit, but not too much either.

Or we just leave things like they are and consider that caching the result of authorize should
be the business of the {{IAuthority}} (I'm personally not against that). But the more I think
about it, the more I'm convince that forcing users and their access rights to be immutable
is A Bad Idea.
                
> move checkaccess into statement.prepare
> ---------------------------------------
>
>                 Key: CASSANDRA-4295
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4295
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: API
>    Affects Versions: 1.1.0
>            Reporter: Jonathan Ellis
>            Assignee: Pavel Yaskevich
>            Priority: Minor
>             Fix For: 1.1.3
>
>         Attachments: CASSANDRA-4295.patch
>
>
> there's no need to redo this every execution since the schema, tables, and users involved
should all be immutable

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message