You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Sylvain Lebresne (JIRA)" <ji...@apache.org> on 2012/07/13 12:44:34 UTC

[jira] [Commented] (CASSANDRA-4295) move checkaccess into statement.prepare

    [ https://issues.apache.org/jira/browse/CASSANDRA-4295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13413649#comment-13413649 ] 

Sylvain Lebresne commented on CASSANDRA-4295:
---------------------------------------------

The current {{IAuthority}} API is:
{noformat}
public EnumSet<Permission> authorize(AuthenticatedUser user, List<Object> resource);
{noformat}

What about changing that to something like:
{noformat}
public interface PermissionToken {}

public Pair<EnumSet<Permission>, PermissionToken> authorize(AuthenticatedUser user, List<Object> resource);
public boolean isStillValid(PermissionToken token);
{noformat}
The semantic being that authorize would give us a token (every implementation could make that be whatever they want) and {{isStillValid}} would validate whether the authorization that returned the token is still valid at the time of the call to {{isStillValid}}.

Implementations that don't want to get fancy could just return null as the token and have {{isStillValid}} return either:
- always true if an authorization is valid indefinitely
- always false to force redoing an authorization every time

And more fancier policy (like authorization is valid for X minutes only, ...) can be easily implemented too.

Then in CQL we would call authorize during preparation and keep the token around, and during execution we would check the validity of the token and redo the authorization only if it's not valid anymore. It does complicate think a bit, but not too much either.

Or we just leave things like they are and consider that caching the result of authorize should be the business of the {{IAuthority}} (I'm personally not against that). But the more I think about it, the more I'm convince that forcing users and their access rights to be immutable is A Bad Idea.
                
> move checkaccess into statement.prepare
> ---------------------------------------
>
>                 Key: CASSANDRA-4295
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4295
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: API
>    Affects Versions: 1.1.0
>            Reporter: Jonathan Ellis
>            Assignee: Pavel Yaskevich
>            Priority: Minor
>             Fix For: 1.1.3
>
>         Attachments: CASSANDRA-4295.patch
>
>
> there's no need to redo this every execution since the schema, tables, and users involved should all be immutable

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira