hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enis Soztutar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14686) Ensure authoritative security coprocessors execute in the correct context
Date Sat, 24 Oct 2015 00:37:28 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14972198#comment-14972198
] 

Enis Soztutar commented on HBASE-14686:
---------------------------------------

Yep, this is good. A subtask can be to come up with an IT suite for end-to-end negative and
positive testing of the ACL matrix. HBASE-14605, HBASE-14631 cannot be unit tested easily.


> Ensure authoritative security coprocessors execute in the correct context
> -------------------------------------------------------------------------
>
>                 Key: HBASE-14686
>                 URL: https://issues.apache.org/jira/browse/HBASE-14686
>             Project: HBase
>          Issue Type: Umbrella
>            Reporter: Andrew Purtell
>
> In deployments using security coprocessors, those using preXXX hooks expect to make authoritative
decisions with all information available to them in the execution context including the request
user. Where users can issue requests in a RPC context separate from the context where the
work will be performed, we need to carry the request user's credentials through up to the
coprocessor upcall once we finally make it.
> This has been an occasional issue as various parts of the code are refactored. Revisit
again.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message