hbase-issues mailing list archives

From "Guanghao Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-19334) User.runAsLoginUser not work in AccessController because it use a short circuited connection
Date Thu, 23 Nov 2017 08:49:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263996#comment-16263996 ]

Guanghao Zhang commented on HBASE-19334:
----------------------------------------

Add an initial 001 patch. The old method will pass an ACL table to AccessControlLists and then
close it. But the caller will close it too. In the 001 patch, all addUserPermission/removeUserPermission
have two methods. One needs the caller to pass a connection. The connection should be closed by
the caller. The other one needs the caller to pass a Configuration, and then creates a new connection
by ConnectionFactory. The new connection is not short circuited. So it can be used in AccessController's
User.runAsLoginUser.

> User.runAsLoginUser not work in AccessController because it use a short circuited connection
> --------------------------------------------------------------------------------------------
>
>                 Key: HBASE-19334
>                 URL: https://issues.apache.org/jira/browse/HBASE-19334
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Guanghao Zhang
>            Assignee: Guanghao Zhang
>         Attachments: HBASE-19334.master.001.patch
>
>
> The short-circuited connection will bypass the RPC and the RPC context didn't change.
> So it still uses the old RPC user to write the ACL table and User.runAsLoginUser does not work.
> AccessController's grant method.
> {code}
>         User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
>           @Override
>           public Void run() throws Exception {
>             // regionEnv is set at #start. Hopefully not null at this point.
>             try (Table table = regionEnv.getConnection().
>                 getTable(AccessControlLists.ACL_TABLE_NAME)) {
>               AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm, table,
>                   request.getMergeExistingPermissions());
>             }
>             return null;
>           }
>         });
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
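
A toy model of the behaviour the issue describes, added here as an illustration and not taken from HBase or from the attached patch: a call made over a short-circuited connection still runs under the identity of the RPC being served, while a call made over a new connection carries the login user. Every class, method and user name in it is hypothetical, and it assumes the server prefers the identity of the RPC in progress over the doAs user.

```java
import java.util.function.Supplier;

// Toy model only: these are hypothetical stand-ins, not HBase classes or APIs.
public class ShortCircuitModel {
    // Identity attached to the RPC a handler thread is currently serving (null = none).
    static final ThreadLocal<String> rpcCaller = new ThreadLocal<>();
    // Identity set by a doAs-style wrapper such as runAsLoginUser.
    static final ThreadLocal<String> currentUser = ThreadLocal.withInitial(() -> "hbase");

    // Model assumption: the RPC caller wins whenever an RPC context exists.
    static String effectiveUser() {
        String caller = rpcCaller.get();
        return caller != null ? caller : currentUser.get();
    }

    // The ACL table write returns the identity its permission check would see.
    static String writeAclTable() { return effectiveUser(); }

    // Short-circuited connection: direct call on the same thread, RPC context untouched.
    static String viaShortCircuit() { return writeAclTable(); }

    // Ordinary connection: a new RPC is issued, stamped with the sender's current user.
    static String viaRpc() {
        String outer = rpcCaller.get();
        rpcCaller.set(currentUser.get());
        try { return writeAclTable(); } finally { rpcCaller.set(outer); }
    }

    // Runs the action with the current user switched to the login (service) user.
    static String runAsLoginUser(Supplier<String> action) {
        String outer = currentUser.get();
        currentUser.set("hbase"); // constructed login user name
        try { return action.get(); } finally { currentUser.set(outer); }
    }

    public static void main(String[] args) {
        rpcCaller.set("alice"); // constructed client whose grant RPC is being served
        System.out.println("short-circuit: " + runAsLoginUser(ShortCircuitModel::viaShortCircuit));
        System.out.println("new RPC:       " + runAsLoginUser(ShortCircuitModel::viaRpc));
    }
}
```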
