You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by sn...@apache.org on 2017/04/03 10:33:32 UTC

[3/6] cassandra git commit: Ninja: code comments for logback ReconfigureOnChangeFilter customization

Ninja: code comments for logback ReconfigureOnChangeFilter customization


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/f45f55b5
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/f45f55b5
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/f45f55b5

Branch: refs/heads/trunk
Commit: f45f55b55e2a2f3985baec22275fb51f2b5b1f6a
Parents: ac1b7c1
Author: Robert Stupp <sn...@snazy.de>
Authored: Mon Apr 3 11:32:22 2017 +0100
Committer: Robert Stupp <sn...@snazy.de>
Committed: Mon Apr 3 11:32:22 2017 +0100

----------------------------------------------------------------------
 .../cql3/functions/ThreadAwareSecurityManager.java      | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/f45f55b5/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
index 3d97790..13d1945 100644
--- a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
@@ -78,6 +78,15 @@ public final class ThreadAwareSecurityManager extends SecurityManager
             return;
         System.setSecurityManager(new ThreadAwareSecurityManager());
 
+        // The default logback configuration in conf/logback.xml allows reloading the
+        // configuration when the configuration file has changed (every 60 seconds by default).
+        // This requires logback to use file I/O APIs. But file I/O is not allowed from UDFs.
+        // I.e. if logback decides to check for a modification of the config file while
+        // executiing a sandbox thread, the UDF execution and therefore the whole request
+        // execution will fail with an AccessControlException.
+        // To work around this, a custom ReconfigureOnChangeFilter is installed, that simply
+        // prevents this configuration file check and possible reload of the configration,
+        // while executing sandboxed UDF code.
         Logger l = LoggerFactory.getLogger(ThreadAwareSecurityManager.class);
         ch.qos.logback.classic.Logger logbackLogger = (ch.qos.logback.classic.Logger) l;
         LoggerContext ctx = logbackLogger.getLoggerContext();
@@ -98,7 +107,8 @@ public final class ThreadAwareSecurityManager extends SecurityManager
     }
 
     /**
-     * The purpose of this class is
+     * The purpose of this class is to prevent logback from checking for config file change,
+     * if the current thread is executing a sandboxed thread to avoid {@link AccessControlException}s.
      */
     private static class SMAwareReconfigureOnChangeFilter extends ReconfigureOnChangeFilter
     {