[ https://issues.apache.org/jira/browse/CASSANDRA-15089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Blake Eggleston updated CASSANDRA-15089: ---------------------------------------- Status: Ready to Commit (was: Review In Progress) > CassandraNetworkAuthorizer::authorize should get role details from Roles, not > directly from IRoleManager > -------------------------------------------------------------------------------------------------------- > > Key: CASSANDRA-15089 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15089 > Project: Cassandra > Issue Type: Bug > Components: Feature/Authorization > Reporter: Sam Tunnicliffe > Assignee: Sam Tunnicliffe > Priority: Normal > Fix For: 4.0 > > > If the network permissions cache doesn't contain any entry for a role, the > authorize method is invoked on the configured INetworkAuthorizer. In the case > of CassandraNetworkAuthorizer, this immediately checks whether the role in > question has the LOGIN privilege set. It does this using the configured > IRoleManager directly, which causes a read from the underlying table in > system_auth. It should fetch the flag from Roles::canLogin, which uses the > RolesCache, falling back to the IRoleManager if necessary. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org