Defer initialization of default RoleManager until IAuthenticator is set Patch by Sam Tunnicliffe and Carl Yeksigian; reviewed by Jonathan Ellis for CASSANDRA-10209
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/0c0f1ff1 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/0c0f1ff1 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/0c0f1ff1 Branch: refs/heads/trunk Commit: 0c0f1ff1b1051627f38a8bf6cb0776241586dfce Parents: dae2045 Author: Sam Tunnicliffe <s...@beobal.com> Authored: Thu Aug 27 20:21:17 2015 +0100 Committer: Sam Tunnicliffe <s...@beobal.com> Committed: Tue Sep 8 10:17:53 2015 +0100 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../org/apache/cassandra/config/DatabaseDescriptor.java | 6 +++++- src/java/org/apache/cassandra/service/ClientState.java | 10 +++++++--- 3 files changed, 13 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/0c0f1ff1/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 7ac7b23..5dffb9b 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.2.2 + * Handle missing RoleManager in config after upgrade to 2.2 (CASSANDRA-10209) * Retry snapshot deletion after compaction and gc on Windows (CASSANDRA-10222) * Fix failure to start with space in directory path on Windows (CASSANDRA-10239) * Fix repair hang when snapshot failed (CASSANDRA-10057) http://git-wip-us.apache.org/repos/asf/cassandra/blob/0c0f1ff1/src/java/org/apache/cassandra/config/DatabaseDescriptor.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java index b7e3eaa..423185b 100644 --- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java +++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java @@ -87,7 +87,9 @@ public class DatabaseDescriptor private static IAuthenticator authenticator = new AllowAllAuthenticator(); private static IAuthorizer authorizer = new AllowAllAuthorizer(); - private static IRoleManager roleManager = new CassandraRoleManager(); + // Don't initialize the role manager until applying config. The options supported by CassandraRoleManager + // depend on the configured IAuthenticator, so defer creating it until that's been set. + private static IRoleManager roleManager; private static IRequestScheduler requestScheduler; private static RequestSchedulerId requestSchedulerId; @@ -325,6 +327,8 @@ public class DatabaseDescriptor if (conf.role_manager != null) roleManager = FBUtilities.newRoleManager(conf.role_manager); + else + roleManager = new CassandraRoleManager(); if (authenticator instanceof PasswordAuthenticator && !(roleManager instanceof CassandraRoleManager)) throw new ConfigurationException("CassandraRoleManager must be used with PasswordAuthenticator", false); http://git-wip-us.apache.org/repos/asf/cassandra/blob/0c0f1ff1/src/java/org/apache/cassandra/service/ClientState.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java index a8e13d1..a15fa5c 100644 --- a/src/java/org/apache/cassandra/service/ClientState.java +++ b/src/java/org/apache/cassandra/service/ClientState.java @@ -29,6 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.cassandra.auth.*; +import org.apache.cassandra.config.Config; import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.config.Schema; import org.apache.cassandra.cql3.QueryHandler; @@ -64,9 +65,12 @@ public class ClientState for (String cf : Iterables.concat(Arrays.asList(SystemKeyspace.LOCAL, SystemKeyspace.PEERS), LegacySchemaTables.ALL)) READABLE_SYSTEM_RESOURCES.add(DataResource.table(SystemKeyspace.NAME, cf)); - PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources()); - PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources()); - PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getRoleManager().protectedResources()); + if (!Config.isClientMode()) + { + PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources()); + PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources()); + PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getRoleManager().protectedResources()); + } // allow users with sufficient privileges to alter KS level options on AUTH_KS and // TRACING_KS, and also to drop legacy tables (users, credentials, permissions) from