You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Vishy Kasar (JIRA)" <ji...@apache.org> on 2015/08/24 18:42:45 UTC

[jira] [Created] (CASSANDRA-10168) CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails

Vishy Kasar created CASSANDRA-10168:
---------------------------------------

             Summary: CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails
                 Key: CASSANDRA-10168
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10168
             Project: Cassandra
          Issue Type: Bug
          Components: Core
            Reporter: Vishy Kasar
         Attachments: authorizer.patch

The PermissionCache is refreshed in the background every permissions_update_interval_in_ms by looking up cassandra tables. This background refresher assumes the called methods to throw exception on cassandra failures. In such cases, it just serves the stale entry until the next refresh happens. 

CassandraAuthorizer.authorize is throwing exception when it fails to lookup system_auth.users table. However when lookup on system_auth.permissions table fails, it swallows the exception and returns PERMISSION.NONE. In that case, the cache thinks that permission was revoked for the user  until the next refresh succeeds. All the requests to that user on that cassandra instance fail incorrectly till the next refresh succeeds. This is bad. 

CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails.

I have attached a patch for cassandra 2.0 branch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)