cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michał Michalski (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-4933) SimpleAuthority is incompatible with new Permissions and "resources lists"
Date Fri, 09 Nov 2012 07:42:12 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-4933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493799#comment-13493799
] 

Michał Michalski commented on CASSANDRA-4933:
---------------------------------------------

OK, I get it.
Yeah, you need to have my "luck" to pick the only recent SimpleAuthenticator-uncompatible
Cassandra release (because, as I understand, 1.1.5 was fine and 1.1.7 will be fine as the
changes will be reverted?) :D
Thanks for info :)
                
> SimpleAuthority is incompatible with new Permissions and "resources lists"
> --------------------------------------------------------------------------
>
>                 Key: CASSANDRA-4933
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4933
>             Project: Cassandra
>          Issue Type: Bug
>    Affects Versions: 1.1.6
>         Environment: Previously 1.1.0 + Authentication patch CASSANDRA-4155 (working).
> Currently: 1.1.6 (not working)
>            Reporter: Michał Michalski
>            Assignee: Michał Michalski
>            Priority: Trivial
>         Attachments: cassandra-1.1.6-issue-4933.txt
>
>
> Commit aba5a37650232dbf10b505c04b257f73b6c9b579 by Pavel Yaskevich introduced some significant
changes in Permissions system. Except new permission types, also resource hierarchy has changed
- previously creating a keyspace was requesting for for WRITE permission for /cassandra/keyspaces.
Now it requests for CREATE permission for /cassandra/keyspaces/<new-keyspace-name>.
This change brakes the SimpleAuthority code that relies on the length of the resource list
which differs now - we cannot distinguish operations that modify keyspaces (perviously: resource
list of length 2; currently: 3) from these ones that read it or so (resource list of length
3).
> I've prepared a patch that fixes it in the way that I understand it should work now (comment
in 1.1.6's IAuthority.java is out of date and refers to old READ/WRITE permissions only).

> Yes, I know that SimpleAuth(enticator/ority) are deprecated, should not be used in production
and so on, but even if they are unsufficient as a protection from external threats, they're
still good enough in our case as a very basic protection from accidental changes made by developers
;) 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message