[
https://issues.apache.org/jira/browse/CASSANDRA-15089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe updated CASSANDRA-15089:
----------------------------------------
Source Control Link:
https://github.com/apache/cassandra/commit/149caf01e08f58f306ff51379ab189c7a4b1ca6d
Since Version: 4.0
Status: Resolved (was: Ready to Commit)
Resolution: Fixed
Thanks, committed to trunk in {{149caf01e08f58f306ff51379ab189c7a4b1ca6d}}
> CassandraNetworkAuthorizer::authorize should get role details from Roles, not
> directly from IRoleManager
> --------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-15089
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15089
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Normal
> Fix For: 4.0
>
>
> If the network permissions cache doesn't contain any entry for a role, the
> authorize method is invoked on the configured INetworkAuthorizer. In the case
> of CassandraNetworkAuthorizer, this immediately checks whether the role in
> question has the LOGIN privilege set. It does this using the configured
> IRoleManager directly, which causes a read from the underlying table in
> system_auth. It should fetch the flag from Roles::canLogin, which uses the
> RolesCache, falling back to the IRoleManager if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
