Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-15089

CassandraNetworkAuthorizer::authorize should get role details from Roles, not directly from IRoleManager

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Fix Version/s: 4.0
    • Component/s: Feature/Authorization
    • Labels:
      None

      Description

      If the network permissions cache doesn't contain any entry for a role, the authorize method is invoked on the configured INetworkAuthorizer. In the case of CassandraNetworkAuthorizer, this immediately checks whether the role in question has the LOGIN privilege set. It does this using the configured IRoleManager directly, which causes a read from the underlying table in system_auth. It should fetch the flag from Roles::canLogin, which uses the RolesCache, falling back to the IRoleManager if necessary.

        Attachments

          Activity

            People

            • Assignee:
              samt Sam Tunnicliffe
              Reporter:
              samt Sam Tunnicliffe
              Authors:
              Sam Tunnicliffe
              Reviewers:
              Blake Eggleston
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: