hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject hbase git commit: HBASE-13482. Phoenix is failing to scan tables on secure environments. (Alicia Shu)
Date Mon, 20 Apr 2015 05:18:38 GMT
Repository: hbase
Updated Branches:
  refs/heads/branch-1.1 847bab203 -> 2bad56e5f


HBASE-13482. Phoenix is failing to scan tables on secure environments. (Alicia Shu)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/2bad56e5
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/2bad56e5
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/2bad56e5

Branch: refs/heads/branch-1.1
Commit: 2bad56e5fe8903f728cc20c905eaf3c9636cf08b
Parents: 847bab2
Author: Devaraj Das <ddas@apache.org>
Authored: Sun Apr 19 22:17:38 2015 -0700
Committer: Devaraj Das <ddas@apache.org>
Committed: Sun Apr 19 22:18:31 2015 -0700

----------------------------------------------------------------------
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java     | 4 ++++
 .../apache/hadoop/hbase/security/access/AccessController.java    | 2 ++
 .../hadoop/hbase/security/visibility/VisibilityController.java   | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/2bad56e5/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index c3d5eb7..8e498c4 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -2388,6 +2388,10 @@ public class RpcServer implements RpcServerInterface {
     return CurCall.get();
   }
 
+  public static boolean isInRpcCallContext() {
+    return CurCall.get() != null;
+  }
+
   /**
    * Returns the user credentials associated with the current RPC request or
    * <code>null</code> if no credentials were provided.

http://git-wip-us.apache.org/repos/asf/hbase/blob/2bad56e5/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 03c46f6..bb22a4e 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -2042,6 +2042,8 @@ public class AccessController extends BaseMasterAndRegionObserver
    * the checks performed in preScannerOpen()
    */
   private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
+    if (!RpcServer.isInRpcCallContext())
+      return;
     String requestUserName = RpcServer.getRequestUserName();
     String owner = scannerOwners.get(s);
     if (authorizationEnabled && owner != null && !owner.equals(requestUserName))
{

http://git-wip-us.apache.org/repos/asf/hbase/blob/2bad56e5/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
index b981501..8ed9e04 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
@@ -639,7 +639,8 @@ public class VisibilityController extends BaseMasterAndRegionObserver
implements
    * access control is correctly enforced based on the checks performed in preScannerOpen()
    */
   private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
-    // This is duplicated code!
+    if (!RpcServer.isInRpcCallContext())
+      return;
     String requestUName = RpcServer.getRequestUserName();
     String owner = scannerOwners.get(s);
     if (authorizationEnabled && owner != null && !owner.equals(requestUName))
{


Mime
View raw message