[ https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14637770#comment-14637770 ]

Christopher Tubbs commented on ACCUMULO-3939:
---------------------------------------------

Patch looks okay. Might generate a findbugs warning due to name shadowing of 
the method name. Just need to add an exception to findbugs if it does.

The larger question is whether we should do a release of 1.5.4 to implement 
this fix for 1.5. We'll probably want to discuss that on the mailing list, but 
one question I have, which might help inform that conversation:

* Is there a workaround? (for example, can audit logs be controlled with 
regular log4j initialization?)

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>         Attachments: ACCUMULO-3939.patch, generic_logger.xml
>
>
> While reading the source I found out that the AuditedSecurityOperation is 
> never initialized properly.
> The AuditSecurityOperation does not contain a getInstance() static method. 
> This in turn just calls the SecurityOperation getInstance() method. Because 
> this is called in a static manner the getInstance(String instanceId, boolean 
> initialize) is called against the SecurityOperation class not the 
> AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the 
> AuditedSecurityOperation class.
> This is critical as we are in need of this security auditing to meet 
> Information Assurance requirements for an upcoming major release of our 
> software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
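
The static-method behaviour described in the report above, as an added example that is not part of the original message or of Accumulo's code. The class names SecurityOperation and getInstance(String instanceId, boolean initialize) come from the issue; AuditedBefore, AuditedAfter, audits(), the method bodies and the instance id are hypothetical stand-ins.

```java
// Simplified stand-ins for the classes named in the issue; all bodies are assumptions.
public class StaticHidingDemo {

    static class SecurityOperation {
        private static SecurityOperation instance;

        // Static methods are inherited by name but are never dispatched virtually.
        static synchronized SecurityOperation getInstance(String instanceId, boolean initialize) {
            if (instance == null) {
                instance = new SecurityOperation();
            }
            return instance;
        }

        boolean audits() { return false; }
    }

    // "Before": no getInstance() of its own, as described in the report.
    static class AuditedBefore extends SecurityOperation {
        @Override boolean audits() { return true; }
    }

    // "After": declares its own static getInstance(), hiding the parent's.
    // This hiding is the kind of name shadowing a static analyzer may flag.
    static class AuditedAfter extends SecurityOperation {
        private static AuditedAfter instance;

        static synchronized SecurityOperation getInstance(String instanceId, boolean initialize) {
            if (instance == null) {
                instance = new AuditedAfter();
            }
            return instance;
        }

        @Override boolean audits() { return true; }
    }

    public static void main(String[] args) {
        // Resolves to SecurityOperation.getInstance(): no audited object is ever built.
        SecurityOperation before = AuditedBefore.getInstance("constructed-id", false);
        // Resolves to AuditedAfter.getInstance(): the auditing subclass is returned.
        SecurityOperation after = AuditedAfter.getInstance("constructed-id", false);

        System.out.println("before: " + before.getClass().getSimpleName() + " audits=" + before.audits());
        System.out.println("after:  " + after.getClass().getSimpleName() + " audits=" + after.audits());
    }
}
```

A check on the runtime class of the returned object, as printed here, is a quick way to confirm in a deployment that the auditing subclass is the one actually in use.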
