Sam Tunnicliffe created CASSANDRA-15089:
-------------------------------------------
Summary: CassandraNetworkAuthorizer::authorize should get role
details from Roles, not directly from IRoleManager
Key: CASSANDRA-15089
URL: https://issues.apache.org/jira/browse/CASSANDRA-15089
Project: Cassandra
Issue Type: Bug
Components: Feature/Authorization
Reporter: Sam Tunnicliffe
Assignee: Sam Tunnicliffe
If the network permissions cache doesn't contain any entry for a role, the
authorize method is invoked on the configured INetworkAuthorizer. In the case
of CassandraNetworkAuthorizer, this immediately checks whether the role in
question has the LOGIN privilege set. It does this using the configured
IRoleManager directly, which causes a read from the underlying table in
system_auth. It should fetch the flag from Roles::canLogin, which uses the
RolesCache, falling back to the IRoleManager if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
