hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10448) Support pluggable mechanism to specify proxy user settings
Date Fri, 02 May 2014 13:39:43 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13987697#comment-13987697

Daryn Sharp commented on HADOOP-10448:

I think you're correct on the JMM.  There was a discussion on DCL where the incomplete construction
was brought up, although volative since JDK 5 appears to have fixed the problem.  During the
first access or a refresh, a surge of connections may cause multiple instances to be created
(all but the last disposed after the check) to be created but I suppose that's a fringe event
and the benefit outweighs it.

bq. I agree and have created an interface - ImpersonationProvider . This will be implemented
by DefaultImpersonationProvider and the above methods are part of DefaultImpersonationProvider.

Nice.  My question was actually if the {{get*ConfKey}} methods need to remain in {{ProxyUsers}}
and delegation directly to the {{DefaultImpersonationProvider}}?  It seems they are only used
by tests.  Leaving them in would allow someone to use them.  If they aren't using the default
provider, it may be surprising that they are a no-op...

Minor nit is the whitespace inconsistencies.  There are cases of double spaces, no space between
if and paren, no space between class and curly, spaces between method call and paren, etc.

> Support pluggable mechanism to specify proxy user settings
> ----------------------------------------------------------
>                 Key: HADOOP-10448
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10448
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch
> We have a requirement to support large number of superusers. (users who impersonate as
another user) (http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html) 
> Currently each  superuser needs to be defined in the core-site.xml via proxyuser settings.
This will be cumbersome when there are 1000 entries.
> It seems useful to have a pluggable mechanism to specify  proxy user settings with the
current approach as the default. 

This message was sent by Atlassian JIRA

View raw message