hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
Date Wed, 10 Sep 2014 01:43:29 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14127911#comment-14127911
] 

Andrew Purtell commented on HBASE-11136:
----------------------------------------

Don't add this logging (there's a mis-spelling there anyway). The other change looks like
a whitespace only change so the whole hunk can be removed:
{code}
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -787,13 +787,19 @@ public class AccessController extends BaseRegionObserver
     if (env instanceof MasterCoprocessorEnvironment) {
       // if running on HMaster
       MasterCoprocessorEnvironment mEnv = (MasterCoprocessorEnvironment) env;
+      LOG.info("AccessController runing on master: "
+          + mEnv.getMasterServices().getServerName().getServerName());
       zk = mEnv.getMasterServices().getZooKeeper();
-    } else if (env instanceof RegionServerCoprocessorEnvironment) {      
+    } else if (env instanceof RegionServerCoprocessorEnvironment) {
       RegionServerCoprocessorEnvironment rsEnv = (RegionServerCoprocessorEnvironment) env;
+      LOG.info("AccessController runing on region server: "
+          + rsEnv.getRegionServerServices().getServerName().getServerName());
       zk = rsEnv.getRegionServerServices().getZooKeeper();      
     } else if (env instanceof RegionCoprocessorEnvironment) {
       // if running at region
       regionEnv = (RegionCoprocessorEnvironment) env;
+      LOG.info("AccessControler runing at region: "
+          + regionEnv.getRegion().getRegionNameAsString());
       conf.addStringMap(regionEnv.getRegion().getTableDesc().getConfiguration());
       zk = regionEnv.getRegionServerServices().getZooKeeper();
       compatibleEarlyTermination = conf.getBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT,
{code}

Otherwise it looks ok.


> Add permission check to roll WAL writer 
> ----------------------------------------
>
>                 Key: HBASE-11136
>                 URL: https://issues.apache.org/jira/browse/HBASE-11136
>             Project: HBase
>          Issue Type: Improvement
>          Components: regionserver, security
>    Affects Versions: 0.96.2, 0.98.2
>            Reporter: Jerry He
>            Assignee: Jerry He
>            Priority: Minor
>             Fix For: 2.0.0, 0.98.7, 0.99.1
>
>         Attachments: HBASE-11136-trunk-v1.patch
>
>
> Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on
a region server. But no permission check is done on this operation in a secure cluster.
> We need to add permission check to prevent un-authorized user from running this operation.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message