hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jiraposter@reviews.apache.org (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
Date Tue, 08 May 2012 20:19:50 GMT

    [ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270791#comment-13270791
] 

jiraposter@reviews.apache.org commented on HBASE-5732:
------------------------------------------------------



bq.  On 2012-05-02 23:02:22, Michael Stack wrote:
bq.  >

I am not sure what step I missed the last time (when I answered your questions) that reviewboard
didn't publish the responses.. Trying again.


bq.  On 2012-05-02 23:02:22, Michael Stack wrote:
bq.  > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java,
line 1
bq.  > <https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1>
bq.  >
bq.  >     This exception should be at top level in hbase?
bq.  
bq.  Michael Stack wrote:
bq.      Did you address this in your subsequent patch?

I left it where it was originally. I think its fine as is..


bq.  On 2012-05-02 23:02:22, Michael Stack wrote:
bq.  > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50
bq.  > <https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50>
bq.  >
bq.  >     So, if no user, its insecure hbase?  Good.
bq.  >     
bq.  >     I don't see you regenerating pb stuff after making these changes in this proto
file.
bq.  
bq.  Michael Stack wrote:
bq.      What about above?

On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone
like the Oozie server to access HBase on behalf of some other effective user. The HBase server
could still keep track of who is the the real user and who is the effective user. Documented
here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this
was already there in the original code. I made the realuser optional since its not always
going to be there.

There is actually - RPCProtos.java


bq.  On 2012-05-02 23:02:22, Michael Stack wrote:
bq.  > http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml, line
129
bq.  > <https://reviews.apache.org/r/4953/diff/1/?file=105872#file105872line129>
bq.  >
bq.  >     What is this?  Mistake?

I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources
one since the security one would go away (yeah you won't know about it unless you do a manual
diff of the two hbase-site.xml files).


bq.  On 2012-05-02 23:02:22, Michael Stack wrote:
bq.  > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java,
line 19
bq.  > <https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19>
bq.  >
bq.  >     This class should go up to the top level of hbase and not be hidden down here
in security now it is used by both secure and insecure hbase?
bq.  
bq.  Michael Stack wrote:
bq.      Ditto

I'd like to leave it as is since the class aims to shim the security related aspects of 'User'
(Other than that it would save lots of lines in the patch if the package name is kept intact).


- Devaraj


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4953/#review7488
-----------------------------------------------------------


On 2012-05-08 07:45:11, Devaraj Das wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/4953/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2012-05-08 07:45:11)
bq.  
bq.  
bq.  Review request for Ted Yu, Michael Stack and Andrew Purtell.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  Reviewboard request for HBASE-5732
bq.  
bq.  
bq.  This addresses bug HBASE-5732.
bq.      https://issues.apache.org/jira/browse/HBASE-5732
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java
1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java
PRE-CREATION 
bq.    http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

bq.  
bq.  Diff: https://reviews.apache.org/r/4953/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  All unit tests pass.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Devaraj
bq.  
bq.


                
> Remove the SecureRPCEngine and merge the security-related logic in the core engine
> ----------------------------------------------------------------------------------
>
>                 Key: HBASE-5732
>                 URL: https://issues.apache.org/jira/browse/HBASE-5732
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Devaraj Das
>            Assignee: Devaraj Das
>         Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch,
rpcengine-merge.patch
>
>
> Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow
up to HBASE-5727.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message