[jira] [Commented] (HBASE-6393) Decouple audit event creation from storage in AccessController

Thu, 02 Aug 2012 13:49:04 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-6393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427600#comment-13427600
 ] 

Andrew Purtell commented on HBASE-6393:
---------------------------------------

bq. About CoprocessorEnvironment, I was passing that so I could get to the 
configuration, but I can easily change it so that loggers get the configuration 
object itself, instead.

I think that would be best.
                
> Decouple audit event creation from storage in AccessController
> --------------------------------------------------------------
>
>                 Key: HBASE-6393
>                 URL: https://issues.apache.org/jira/browse/HBASE-6393
>             Project: HBase
>          Issue Type: Brainstorming
>          Components: security
>    Affects Versions: 0.96.0
>            Reporter: Marcelo Vanzin
>         Attachments: hbase-6393-v1.patch
>
>
> Currently, AccessControler takes care of both generating audit events (by 
> performing access checks) and storing them (by creating a log message and 
> writing it to the AUDITLOG logger).
> This makes the logging system the only way to catch audit events. It means 
> that if someone wants to do something fancier (like writing these records to 
> a database somewhere), they need to hack through the logging system, and 
> parse the messages generated by AccessController, which is not optimal.
> The attached patch decouples generation and storage by introducing a new 
> interface, used by AccessController, to log the audit events. The current, 
> log-based storage is kept in place so that current users won't be affected by 
> the change.
> I'm filing this as an RFC at this point, so the patch is not totally clean; 
> it's on top of HBase 0.92 (which is easier for me to test) and doesn't have 
> any unit tests, for starters. But the changes should be very similar on trunk 
> - I don't remember changes in this particular area of the code between those 
> versions.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to