Michał Michalski created CASSANDRA-4933:
-------------------------------------------
Summary: SimpleAuthority is incompatible with new Permissions and
"resources lists"
Key: CASSANDRA-4933
URL: https://issues.apache.org/jira/browse/CASSANDRA-4933
Project: Cassandra
Issue Type: Bug
Environment: Previously 1.1.0 + Authentication patch CASSANDRA-4155
(working).
Currently: 1.1.6 (not working)
Reporter: Michał Michalski
Assignee: Michał Michalski
Priority: Trivial
Commit aba5a37650232dbf10b505c04b257f73b6c9b579 by Pavel Yaskevich introduced
some significant changes in Permissions system. Except new permission types,
also resource hierarchy has changed - previously creating a keyspace was
requesting for for WRITE permission for /cassandra/keyspaces. Now it requests
for CREATE permission for /cassandra/keyspaces/<new-keyspace-name>. This change
brakes the SimpleAuthority code that relies on the length of the resource list
which differs now - we cannot distinguish operations that modify keyspaces
(perviously: resource list of length 2; currently: 3) from these ones that read
it or so (resource list of length 3).
I've prepared a patch that fixes it in the way that I understand it should work
now (comment in 1.1.6's IAuthority.java is out of date and refers to old
READ/WRITE permissions only).
Yes, I know that SimpleAuth(enticator/ority) are deprecated, should not be used
in production and so on, but even if they are unsufficient as a protection from
external threats, they're still good enough in our case as a very basic
protection from accidental changes made by developers ;)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
