hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From apurt...@apache.org
Subject hbase git commit: HBASE-13482. Phoenix is failing to scan tables on secure environments. (Alicia Shu)
Date Mon, 20 Apr 2015 21:30:14 GMT
Repository: hbase
Updated Branches:
  refs/heads/0.98 7ac3b28b7 -> 50010ca31


HBASE-13482. Phoenix is failing to scan tables on secure environments. (Alicia Shu)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/50010ca3
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/50010ca3
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/50010ca3

Branch: refs/heads/0.98
Commit: 50010ca31ed0587e3bf112a5789ec42185a9b939
Parents: 7ac3b28
Author: Devaraj Das <ddas@apache.org>
Authored: Sun Apr 19 22:17:38 2015 -0700
Committer: Andrew Purtell <apurtell@apache.org>
Committed: Mon Apr 20 14:28:27 2015 -0700

----------------------------------------------------------------------
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java     | 4 ++++
 .../apache/hadoop/hbase/security/access/AccessController.java    | 2 ++
 .../hadoop/hbase/security/visibility/VisibilityController.java   | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/50010ca3/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 2cc71a3..d906532 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -2366,6 +2366,10 @@ public class RpcServer implements RpcServerInterface {
     return CurCall.get();
   }
 
+  public static boolean isInRpcCallContext() {
+    return CurCall.get() != null;
+  }
+
   /**
    * Returns the user credentials associated with the current RPC request or
    * <code>null</code> if no credentials were provided.

http://git-wip-us.apache.org/repos/asf/hbase/blob/50010ca3/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 644425f..1705ff2 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -2016,6 +2016,8 @@ public class AccessController extends BaseMasterAndRegionObserver
    * the checks performed in preScannerOpen()
    */
   private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
+    if (!RpcServer.isInRpcCallContext())
+      return;
     String requestUserName = RpcServer.getRequestUserName();
     String owner = scannerOwners.get(s);
     if (authorizationEnabled && owner != null && !owner.equals(requestUserName))
{

http://git-wip-us.apache.org/repos/asf/hbase/blob/50010ca3/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
index 9d1075d..348e229 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
@@ -648,7 +648,8 @@ public class VisibilityController extends BaseMasterAndRegionObserver
implements
    * access control is correctly enforced based on the checks performed in preScannerOpen()
    */
   private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
-    // This is duplicated code!
+    if (!RpcServer.isInRpcCallContext())
+      return;
     String requestUName = RpcServer.getRequestUserName();
     String owner = scannerOwners.get(s);
     if (authorizationEnabled && owner != null && !owner.equals(requestUName))
{


Mime
View raw message