hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From apurt...@apache.org
Subject [1/4] hbase git commit: HBASE-13085 Security issue in the implementation of Rest gataway 'doAs' proxy user support (Jerry He)
Date Tue, 24 Feb 2015 18:23:47 GMT
Repository: hbase
Updated Branches:
  refs/heads/0.98 51d7529a1 -> f4fa876c5
  refs/heads/branch-1 f938999ef -> 514dd5842
  refs/heads/branch-1.0 7ec02aaf2 -> f27f1af3c
  refs/heads/master af848f8a7 -> c3a9c2a87


HBASE-13085 Security issue in the implementation of Rest gataway 'doAs' proxy user support
(Jerry He)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/c3a9c2a8
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/c3a9c2a8
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/c3a9c2a8

Branch: refs/heads/master
Commit: c3a9c2a87fcf660348b80ac66c9c0c6341055ed6
Parents: af848f8
Author: Andrew Purtell <apurtell@apache.org>
Authored: Tue Feb 24 10:18:17 2015 -0800
Committer: Andrew Purtell <apurtell@apache.org>
Committed: Tue Feb 24 10:18:17 2015 -0800

----------------------------------------------------------------------
 .../java/org/apache/hadoop/hbase/rest/RESTServletContainer.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/c3a9c2a8/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServletContainer.java
----------------------------------------------------------------------
diff --git a/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServletContainer.java
b/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServletContainer.java
index 2ce8ede..b5ecb35 100644
--- a/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServletContainer.java
+++ b/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServletContainer.java
@@ -56,7 +56,8 @@ public class RESTServletContainer extends ServletContainer {
       if (!servlet.supportsProxyuser()) {
         throw new ServletException("Support for proxyuser is not configured");
       }
-      UserGroupInformation ugi = servlet.getRealUser();
+      // Authenticated remote user is attempting to do 'doAs' proxy user.
+      UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser());
       // create and attempt to authorize a proxy user (the client is attempting
       // to do proxy user)
       ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);


Mime
View raw message