hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laxman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
Date Tue, 19 Jun 2012 07:00:45 GMT

    [ https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396565#comment-13396565
] 

Laxman commented on HBASE-4791:
-------------------------------

@Matt, Thanks for your quick response and patience.

Configuration.setConfiguration - Doesn't seems to be a clean approach. 
What happens when you want to use multiple ZK clusters from same ZK client? 
Other problem with this approach is concurrency issues. No?

Think of the following scenario from a HBase client application which accesses HBase and ZooKeeper
for various puposes.

Thread-1 (HBase Client thread)
Step #1.1: oldConfig1 = Configuration.getConfiguration
Step #1.2: Configuration.setConfiguration(newConfig1)
Step #1.3: Initialize Do some work
Step #1.4: Configuration.setConfiguration(oldConfig1)

Thread-2 (Application specific thread)
Step #2.1: oldConfig2 = Configuration.getConfiguration
Step #2.2: Configuration.setConfiguration(newConfig2)
Step #2.3: Establish ZK Connection & do some work
Step #2.4: Configuration.setConfiguration(oldConfig2)

Will you be able to predict the behavior here when both of the threads run simultaneously?
Note that synchroniation also may not help as Thread-1 is HBase specific and Thread-2  Application
specific.

What's your opinion on providing this as part of ZooKeeper client code allowing clients to
configure thru constructor.

ZooKeeper(conf) - conf may be Map/ZKConfig/Properties/some other better data structure.

                
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only
by reading JAAS configuration file)
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-4791
>                 URL: https://issues.apache.org/jira/browse/HBASE-4791
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, zookeeper
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>              Labels: security, zookeeper
>         Attachments: DemoConfig.java, HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file specified in
    System.setProperty("java.security.auth.login.config"). 
> However, it might be preferable to construct a JAAS configuration programmatically, as
is done with secure Hadoop (see https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting, and allow
instead an HBase-local configuration setting.	

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message