[ https://issues.apache.org/jira/browse/CASSANDRA-11381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15645280#comment-15645280 ]
Joel Knighton commented on CASSANDRA-11381: ------------------------------------------- Thanks for pinging me on this - as you suspected, it slipped through the cracks. On reviewing the final version of this patch, I found one problem with the 2.2+ patches. The proposed patch technically breaks the documented {{IRoleManager}}, {{IAuthenticator}}, and {{IAuthorizer}} interfaces. With the implementation given, {{doAuthSetup}} will be called twice for a node started with {{join_ring=False}}, so {{setup()}} will be called twice for the role manager, authenticator, and authorizer. In the documentation for these three public interfaces, we state that {{setup()}} will only be called once after starting a node. I think we should preserve this documented behavior. While slightly less elegant, I think we should instead track whether we've run {{doAuthSetup}} and not repeat this call for a node started with {{join_ring=False}} that is asked to join. > Node running with join_ring=false and authentication can not serve requests > --------------------------------------------------------------------------- > > Key: CASSANDRA-11381 > URL: https://issues.apache.org/jira/browse/CASSANDRA-11381 > Project: Cassandra > Issue Type: Bug > Reporter: mck > Assignee: mck > Fix For: 2.1.x, 2.2.x, 3.0.x, 3.x > > Attachments: 11381-2.1.txt, 11381-2.2.txt, 11381-3.0.txt, > 11381-trunk.txt, dtest-11381-trunk.txt > > > Starting up a node with {{-Dcassandra.join_ring=false}} in a cluster that has > authentication configured, eg PasswordAuthenticator, won't be able to serve > requests. This is because {{Auth.setup()}} never gets called during the > startup. > Without {{Auth.setup()}} having been called in {{StorageService}} clients > connecting to the node fail with the node throwing > {noformat} > java.lang.NullPointerException > at > org.apache.cassandra.auth.PasswordAuthenticator.authenticate(PasswordAuthenticator.java:119) > at > org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:1471) > at > org.apache.cassandra.thrift.Cassandra$Processor$login.getResult(Cassandra.java:3505) > at > org.apache.cassandra.thrift.Cassandra$Processor$login.getResult(Cassandra.java:3489) > at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) > at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) > at com.thinkaurelius.thrift.Message.invoke(Message.java:314) > at > com.thinkaurelius.thrift.Message$Invocation.execute(Message.java:90) > at > com.thinkaurelius.thrift.TDisruptorServer$InvocationHandler.onEvent(TDisruptorServer.java:695) > at > com.thinkaurelius.thrift.TDisruptorServer$InvocationHandler.onEvent(TDisruptorServer.java:689) > at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:112) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > {noformat} > The exception thrown from the > [code|https://github.com/apache/cassandra/blob/cassandra-2.0.16/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java#L119] > {code} > ResultMessage.Rows rows = > authenticateStatement.execute(QueryState.forInternalCalls(), new > QueryOptions(consistencyForUser(username), > > Lists.newArrayList(ByteBufferUtil.bytes(username)))); > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)