[ https://issues.apache.org/jira/browse/HBASE-6393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14490622#comment-14490622 ]
Marcelo Vanzin commented on HBASE-6393: --------------------------------------- FYI, even though I had a patch for this originally and asked Matteo to hold off til I had a chance to update it, currently I'm probably not gonna spend time on that. (Internally I think we worked around this in a different manner, so adding this patch would probably not add much value to us at this point anyway.) So feel free to do as you wish here. :-) > Decouple audit event creation from storage in AccessController > -------------------------------------------------------------- > > Key: HBASE-6393 > URL: https://issues.apache.org/jira/browse/HBASE-6393 > Project: HBase > Issue Type: Brainstorming > Components: security > Affects Versions: 0.95.2 > Reporter: Marcelo Vanzin > Attachments: HBASE-6393-v2.patch, HBASE-6393-v3.patch, > hbase-6393-v1.patch > > > Currently, AccessControler takes care of both generating audit events (by > performing access checks) and storing them (by creating a log message and > writing it to the AUDITLOG logger). > This makes the logging system the only way to catch audit events. It means > that if someone wants to do something fancier (like writing these records to > a database somewhere), they need to hack through the logging system, and > parse the messages generated by AccessController, which is not optimal. > The attached patch decouples generation and storage by introducing a new > interface, used by AccessController, to log the audit events. The current, > log-based storage is kept in place so that current users won't be affected by > the change. > I'm filing this as an RFC at this point, so the patch is not totally clean; > it's on top of HBase 0.92 (which is easier for me to test) and doesn't have > any unit tests, for starters. But the changes should be very similar on trunk > - I don't remember changes in this particular area of the code between those > versions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)