hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francis Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-8662) [rest] support impersonation
Date Thu, 20 Jun 2013 00:14:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-8662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13688686#comment-13688686

Francis Liu commented on HBASE-8662:

but needs to authorize the user
If you're talking about the proxyUsers.authorize() call as I mentioned earlier all the information
needed to do the check is cached. So this shouldn't add any noticeable overhead at all.

send user information to server for every call because HBase server side may have authorization
setup too. 
This is just a few bytes to send the user principal. 0.94 has about as much bloat sent for
every call and I haven't heard anyone complain.

I think if we were going to only pick one this approach would serve both cases better than
the latter.

> [rest] support impersonation
> ----------------------------
>                 Key: HBASE-8662
>                 URL: https://issues.apache.org/jira/browse/HBASE-8662
>             Project: HBase
>          Issue Type: Sub-task
>          Components: REST, security
>            Reporter: Jimmy Xiang
>            Assignee: Jimmy Xiang
>             Fix For: 0.98.0
>         Attachments: method_doas.patch, secure_rest.patch, trunk-8662.patch, trunk-8662_v2.patch,
> Currently, our client API uses a fixed user: the current user. It should accept a user
passed in, if authenticated.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message