hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcelo Vanzin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-6393) Decouple audit event creation from storage in AccessController
Date Fri, 13 Jul 2012 18:27:36 GMT
Marcelo Vanzin created HBASE-6393:

             Summary: Decouple audit event creation from storage in AccessController
                 Key: HBASE-6393
                 URL: https://issues.apache.org/jira/browse/HBASE-6393
             Project: HBase
          Issue Type: Brainstorming
          Components: security
            Reporter: Marcelo Vanzin

Currently, AccessControler takes care of both generating audit events (by performing access
checks) and storing them (by creating a log message and writing it to the AUDITLOG logger).

This makes the logging system the only way to catch audit events. It means that if someone
wants to do something fancier (like writing these records to a database somewhere), they need
to hack through the logging system, and parse the messages generated by AccessController,
which is not optimal.

The attached patch decouples generation and storage by introducing a new interface, used by
AccessController, to log the audit events. The current, log-based storage is kept in place
so that current users won't be affected by the change.

I'm filing this as an RFC at this point, so the patch is not totally clean; it's on top of
HBase 0.92 (which is easier for me to test) and doesn't have any unit tests, for starters.
But the changes should be very similar on trunk - I don't remember changes in this particular
area of the code between those versions.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message