cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sankalp kohli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10168) CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails
Date Mon, 24 Aug 2015 21:32:46 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14710097#comment-14710097
] 

sankalp kohli commented on CASSANDRA-10168:
-------------------------------------------

+1. 

> CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails
> --------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-10168
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10168
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: Vishy Kasar
>            Assignee: Vishy Kasar
>         Attachments: authorizer.patch
>
>
> The PermissionCache is refreshed in the background every permissions_update_interval_in_ms
by looking up cassandra tables. This background refresher assumes the called methods to throw
exception on cassandra failures. In such cases, it just serves the stale entry until the next
refresh happens. 
> CassandraAuthorizer.authorize is throwing exception when it fails to lookup system_auth.users
table. However when lookup on system_auth.permissions table fails, it swallows the exception
and returns PERMISSION.NONE. In that case, the cache thinks that permission was revoked for
the user  until the next refresh succeeds. All the requests to that user on that cassandra
instance fail incorrectly till the next refresh succeeds. This is bad. 
> CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails.
> I have attached a patch for cassandra 2.0 branch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message