From brandonwilli...@apache.org
Subject [2/6] git commit: Allow permissions cache to be set via JMX
Date Thu, 18 Sep 2014 13:53:01 GMT
Allow permissions cache to be set via JMX

Patch by brandonwilliams, reviewed by aleksey for CASSANDRA-7968


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/549f035b
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/549f035b
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/549f035b

Branch: refs/heads/cassandra-2.1
Commit: 549f035b925d6b49400667401bef96baaceb31fd
Parents: 62db990
Author: Brandon Williams <brandonwilliams@apache.org>
Authored: Thu Sep 18 06:51:22 2014 +0000
Committer: Brandon Williams <brandonwilliams@apache.org>
Committed: Thu Sep 18 06:51:22 2014 +0000

----------------------------------------------------------------------
 CHANGES.txt                                     |  1 +
 src/java/org/apache/cassandra/auth/Auth.java    | 46 +++++++++++++++++++-
 .../org/apache/cassandra/auth/AuthMBean.java    | 25 +++++++++++
 .../cassandra/config/DatabaseDescriptor.java    |  6 +++
 .../apache/cassandra/service/ClientState.java   | 31 +------------
 5 files changed, 79 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/549f035b/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 1eab20e..01d32e7 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 2.0.11:
+ * Allow permissions cache to be set via JMX (CASSANDRA-7698)
  * Include schema_triggers CF in readable system resources (CASSANDRA-7967)
  * Fix RowIndexEntry to report correct serializedSize (CASSANDRA-7948)
  * Make CQLSSTableWriter sync within partitions (CASSANDRA-7360)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/549f035b/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Auth.java b/src/java/org/apache/cassandra/auth/Auth.java
index f3fcdf0..8027db4 100644
--- a/src/java/org/apache/cassandra/auth/Auth.java
+++ b/src/java/org/apache/cassandra/auth/Auth.java
@@ -17,8 +17,12 @@
  */
 package org.apache.cassandra.auth;
 
+import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
+import com.google.common.cache.CacheBuilder;
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import org.apache.commons.lang3.StringUtils;
@@ -39,8 +43,9 @@ import org.apache.cassandra.locator.SimpleStrategy;
 import org.apache.cassandra.service.*;
 import org.apache.cassandra.transport.messages.ResultMessage;
 import org.apache.cassandra.utils.ByteBufferUtil;
+import org.apache.cassandra.utils.Pair;
 
-public class Auth
+public class Auth implements AuthMBean
 {
     private static final Logger logger = LoggerFactory.getLogger(Auth.class);
 
@@ -51,6 +56,10 @@ public class Auth
     public static final String AUTH_KS = "system_auth";
     public static final String USERS_CF = "users";
 
+    // User-level permissions cache.
+    public static volatile LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>>
permissionsCache = initPermissionsCache(null);
+
+
     private static final String USERS_CF_SCHEMA = String.format("CREATE TABLE %s.%s ("
                                                                 + "name text,"
                                                                 + "super boolean,"
@@ -62,6 +71,41 @@ public class Auth
 
     private static SelectStatement selectUserStatement;
 
+    public int getPermissionsValidity()
+    {
+        return DatabaseDescriptor.getPermissionsValidity();
+    }
+
+    public void setPermissionsValidity(int timeoutInMs)
+    {
+        DatabaseDescriptor.setPermissionsValidity(timeoutInMs);
+        permissionsCache = initPermissionsCache(permissionsCache);
+    }
+
+    private static LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>>
initPermissionsCache(LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>>
oldCache)
+    {
+        if (DatabaseDescriptor.getAuthorizer() instanceof AllowAllAuthorizer)
+            return null;
+
+        int validityPeriod = DatabaseDescriptor.getPermissionsValidity();
+        if (validityPeriod <= 0)
+            return null;
+
+        LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>>
newCache =
+            CacheBuilder.newBuilder().expireAfterWrite(validityPeriod, TimeUnit.MILLISECONDS)
+                    .build(new CacheLoader<Pair<AuthenticatedUser, IResource>, Set<Permission>>()
+                    {
+                        public Set<Permission> load(Pair<AuthenticatedUser, IResource>
userResource)
+                        {
+                            return DatabaseDescriptor.getAuthorizer().authorize(userResource.left,
+                                    userResource.right);
+                        }
+                    });
+        if (oldCache != null)
+            newCache.putAll(oldCache.asMap());
+        return newCache;
+    }
+
     /**
      * Checks if the username is stored in AUTH_KS.USERS_CF.
      *
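Review bot: `newCache.putAll(oldCache.asMap())` in initPermissionsCache re-writes every old entry into the new cache, and under `expireAfterWrite` each copied entry then gets a fresh full validity period measured from the copy. An operator who lowers the validity so that a revocation takes effect sooner will instead keep the stale grants alive for another full period, including entries that were about to expire. Starting the new cache empty avoids this, and entries then reload from the authorizer on first use: replace the copy with `if (oldCache != null) oldCache.invalidateAll();`. setPermissionsValidity also performs its write-then-rebuild without synchronization, so two concurrent JMX calls can leave the cache built with a validity that differs from the stored setting.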

http://git-wip-us.apache.org/repos/asf/cassandra/blob/549f035b/src/java/org/apache/cassandra/auth/AuthMBean.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/AuthMBean.java b/src/java/org/apache/cassandra/auth/AuthMBean.java
new file mode 100644
index 0000000..5ebbe49
--- /dev/null
+++ b/src/java/org/apache/cassandra/auth/AuthMBean.java
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.cassandra.auth;
+
+public interface AuthMBean
+{
+    public int getPermissionsValidity();
+
+    public void setPermissionsValidity(int timeoutInMs);
+}
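Review bot: None of the hunks in this commit registers an `Auth` instance with an MBeanServer, so unless that happens elsewhere the new attribute is declared but not reachable over JMX. The diffstat for Auth.java matches the hunks shown, which suggests the registration is still missing. The interface also needs a Javadoc stating that the validity is in milliseconds and that a value of 0 or less disables the permissions cache, which is how `initPermissionsCache` in Auth.java treats it. Because the setter changes how long cached authorization decisions are trusted, the JMX endpoint that exposes it should require authentication.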

http://git-wip-us.apache.org/repos/asf/cassandra/blob/549f035b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
index 3162fd1..209d6c9 100644
--- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
+++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
@@ -571,6 +571,12 @@ public class DatabaseDescriptor
         return conf.permissions_validity_in_ms;
     }
 
+    public static void setPermissionsValidity(int timeout)
+    {
+        conf.permissions_validity_in_ms = timeout;
+    }
+
+
     public static int getThriftFramedTransportSize()
     {
         return conf.thrift_framed_transport_size_in_mb * 1024 * 1024;
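Review bot: setPermissionsValidity stores whatever int it is given, with no documentation of units or special values and no record of the change. Per Auth.initPermissionsCache a value of 0 or less turns the cache off, while a very large value keeps revoked permissions honoured for that long. A comment such as `/** Permissions cache validity in milliseconds; a value <= 0 disables the cache. */` would state the contract. A log line at the JMX entry point in Auth.setPermissionsValidity, where `logger` is in scope, recording the old and new values would make runtime changes auditable. The surrounding class continues outside the hunk.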

http://git-wip-us.apache.org/repos/asf/cassandra/blob/549f035b/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java
index 44f2b87..38c56da 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -20,11 +20,7 @@ package org.apache.cassandra.service;
 import java.net.SocketAddress;
 import java.util.*;
 import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
 
-import com.google.common.cache.CacheBuilder;
-import com.google.common.cache.CacheLoader;
-import com.google.common.cache.LoadingCache;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Sets;
 import org.apache.commons.lang3.StringUtils;
@@ -58,9 +54,6 @@ public class ClientState
     private static final Set<IResource> READABLE_SYSTEM_RESOURCES = new HashSet<>();
     private static final Set<IResource> PROTECTED_AUTH_RESOURCES = new HashSet<>();
 
-    // User-level permissions cache.
-    private static final LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>>
permissionsCache = initPermissionsCache();
-
     static
     {
         // We want these system cfs to be always readable to authenticated users since many
tools rely on them
@@ -318,35 +311,15 @@ public class ClientState
         return new SemanticVersion[]{ cql, cql3 };
     }
 
-    private static LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>>
initPermissionsCache()
-    {
-        if (DatabaseDescriptor.getAuthorizer() instanceof AllowAllAuthorizer)
-            return null;
-
-        int validityPeriod = DatabaseDescriptor.getPermissionsValidity();
-        if (validityPeriod <= 0)
-            return null;
-
-        return CacheBuilder.newBuilder().expireAfterWrite(validityPeriod, TimeUnit.MILLISECONDS)
-                                        .build(new CacheLoader<Pair<AuthenticatedUser,
IResource>, Set<Permission>>()
-                                        {
-                                            public Set<Permission> load(Pair<AuthenticatedUser,
IResource> userResource)
-                                            {
-                                                return DatabaseDescriptor.getAuthorizer().authorize(userResource.left,
-                                                                                        
           userResource.right);
-                                            }
-                                        });
-    }
-
     private Set<Permission> authorize(IResource resource)
     {
         // AllowAllAuthorizer or manually disabled caching.
-        if (permissionsCache == null)
+        if (Auth.permissionsCache == null)
             return DatabaseDescriptor.getAuthorizer().authorize(user, resource);
 
         try
         {
-            return permissionsCache.get(Pair.create(user, resource));
+            return Auth.permissionsCache.get(Pair.create(user, resource));
         }
         catch (ExecutionException e)
         {
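Review bot: authorize() reads `Auth.permissionsCache` twice, once for the null check and once for `get`, but the field is now volatile and can be replaced with null by setPermissionsValidity when the validity is set to 0 or less. A change landing between the two reads makes the request fail with a NullPointerException instead of falling back to the authorizer. Read the field once into a local, `LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>> cache = Auth.permissionsCache;`, then test and use `cache`; this needs the `LoadingCache` import that the commit removes from ClientState. Exposing the cache through a static accessor on Auth rather than a public mutable field would also stop other classes from replacing it. The body of authorize() continues outside the hunk.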

