[
https://issues.apache.org/jira/browse/CASSANDRA-15089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe updated CASSANDRA-15089:
----------------------------------------
Test and Documentation Plan: Additional unit test added.
Status: Patch Available (was: Open)
||branch||CI||
|[15089-trunk|https://github.com/beobal/cassandra/tree/15089-trunk]|[circle|https://circleci.com/gh/beobal/workflows/cassandra/tree/cci%2F15089-trunk]|
> CassandraNetworkAuthorizer::authorize should get role details from Roles, not
> directly from IRoleManager
> --------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-15089
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15089
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Normal
>
> If the network permissions cache doesn't contain any entry for a role, the
> authorize method is invoked on the configured INetworkAuthorizer. In the case
> of CassandraNetworkAuthorizer, this immediately checks whether the role in
> question has the LOGIN privilege set. It does this using the configured
> IRoleManager directly, which causes a read from the underlying table in
> system_auth. It should fetch the flag from Roles::canLogin, which uses the
> RolesCache, falling back to the IRoleManager if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
