[
https://issues.apache.org/jira/browse/CASSANDRA-13396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16069133#comment-16069133
]
Gus Heck commented on CASSANDRA-13396:
--------------------------------------
Looking forward to the resolution of this issue in any of the following ways:
1) Don't load this security manager and policies if UDF's are configured to be
disabled
2) Handle other possible loggers conditionally (log4j2 being my case)
3) Provide an option to run with insecure UDF's ( by not installing this
security manager). Not everyone is exposing UDF's to folks they don't trust. In
some use cases it might be a feature to be able to read system properties etc.
Glancing at the discussion it sounds like this is heading towards a "break
UDF's but continue" strategy, which will also work for me since I don't need
UDF's but seems likely to trip folks.
My exact itch is documented here: https://github.com/nsoft/jesterj/issues/89
If option 1 or 3 were available, that would greatly simplify my life, because
this security manager installs policies in a class initializer and these
policies assume a codePath with a url scheme of "file" but in my case the
scheme is "onejar"... which forced me into lots of gyrations to force an early
load and then un-set your policies so that the rest of my code could have
permissions.
> Cassandra 3.10: ClassCastException in ThreadAwareSecurityManager
> ----------------------------------------------------------------
>
> Key: CASSANDRA-13396
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13396
> Project: Cassandra
> Issue Type: Bug
> Reporter: Edward Capriolo
> Assignee: Eugene Fedotov
> Priority: Minor
>
> https://www.mail-archive.com/[email protected]/msg51603.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
