[jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly

Mon, 20 Jul 2015 18:25:56 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14634377#comment-14634377
 ] 

Josh Elser commented on ACCUMULO-3939:
--------------------------------------

So, in other words, you're saying that auditing of security operations doesn't 
actually happen? Seems odd, I was fairly certain we had tests for this. I 
remember specifically testing this back in the 1.5.1 timeframe. I'd be 
surprised if we changed anything surrounding this since then, but it's 
certainly possible.

Copying what the code appears to be doing now does seem to indicate that it 
wouldn't work, but I'm not 100% convinced I did a completely valid verification.

Can you please verify that you are in fact not seeing audit messages when you 
configure the auditing? (change the level in auditLog.xml to INFO from OFF)

If this is broken, we can look at rolling a 1.5.4 right away since our last 
poll of the community via the mailing lists indicate no one was looking for 
more bug fix releases on 1.5

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>
> While reading the source I found out that the AuditedSecurityOperation is 
> never initialized properly.
> The AuditSecurityOperation does not contain a getInstance() static method. 
> This in turn just calls the SecurityOperation getInstance() method. Because 
> this is called in a static manner the getInstance(String instanceId, boolean 
> initialize) is called against the SecurityOperation class not the 
> AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the 
> AuditedSecurityOperation class.
> This is critical as we are in need of this security auditing to meet 
> Information Assurance requirements for an upcoming major release of our 
> software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to