hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-9897) Clean up some security configuration checks in LoadIncrementalHFiles
Date Tue, 05 Nov 2013 22:58:17 GMT
Gary Helmling created HBASE-9897:
------------------------------------

             Summary: Clean up some security configuration checks in LoadIncrementalHFiles
                 Key: HBASE-9897
                 URL: https://issues.apache.org/jira/browse/HBASE-9897
             Project: HBase
          Issue Type: Task
          Components: security
            Reporter: Gary Helmling


In LoadIncrementalHFiles, use of SecureBulkLoadClient is conditioned on UserProvider.isHBaseSecurityEnabled()
in a couple of places.  However, use of secure bulk loading seems to be required more by use
of HDFS secure authentication, instead of HBase secure authentication.  It should be possible
to use secure bulk loading, as long as SecureBulkLoadEndpoint is loaded, and HDFS secure authentication
is enabled, regardless of the HBase authentication configuration.

In addition, SecureBulkLoadEndpoint does a direct check on permissions by referencing AccessController
loaded on the same region, i.e.:
{code}
      getAccessController().prePrepareBulkLoad(env);
{code}

It seems like this will throw an NPE if AccessController is not configured.  We need an additional
null check to handle this case gracefully.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message