You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by sn...@apache.org on 2017/04/03 10:33:32 UTC
[3/6] cassandra git commit: Ninja: code comments for logback
ReconfigureOnChangeFilter customization
Ninja: code comments for logback ReconfigureOnChangeFilter customization
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/f45f55b5
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/f45f55b5
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/f45f55b5
Branch: refs/heads/trunk
Commit: f45f55b55e2a2f3985baec22275fb51f2b5b1f6a
Parents: ac1b7c1
Author: Robert Stupp <sn...@snazy.de>
Authored: Mon Apr 3 11:32:22 2017 +0100
Committer: Robert Stupp <sn...@snazy.de>
Committed: Mon Apr 3 11:32:22 2017 +0100
----------------------------------------------------------------------
.../cql3/functions/ThreadAwareSecurityManager.java | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/f45f55b5/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
index 3d97790..13d1945 100644
--- a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
@@ -78,6 +78,15 @@ public final class ThreadAwareSecurityManager extends SecurityManager
return;
System.setSecurityManager(new ThreadAwareSecurityManager());
+ // The default logback configuration in conf/logback.xml allows reloading the
+ // configuration when the configuration file has changed (every 60 seconds by default).
+ // This requires logback to use file I/O APIs. But file I/O is not allowed from UDFs.
+ // I.e. if logback decides to check for a modification of the config file while
+ // executiing a sandbox thread, the UDF execution and therefore the whole request
+ // execution will fail with an AccessControlException.
+ // To work around this, a custom ReconfigureOnChangeFilter is installed, that simply
+ // prevents this configuration file check and possible reload of the configration,
+ // while executing sandboxed UDF code.
Logger l = LoggerFactory.getLogger(ThreadAwareSecurityManager.class);
ch.qos.logback.classic.Logger logbackLogger = (ch.qos.logback.classic.Logger) l;
LoggerContext ctx = logbackLogger.getLoggerContext();
@@ -98,7 +107,8 @@ public final class ThreadAwareSecurityManager extends SecurityManager
}
/**
- * The purpose of this class is
+ * The purpose of this class is to prevent logback from checking for config file change,
+ * if the current thread is executing a sandboxed thread to avoid {@link AccessControlException}s.
*/
private static class SMAwareReconfigureOnChangeFilter extends ReconfigureOnChangeFilter
{