From: arunmahadevan
To: dev@storm.apache.org
Reply-To: dev@storm.apache.org
Subject: [GitHub] storm pull request #2169: [STORM-2563] Remove the workaround to handle missi...
Date: Wed, 21 Jun 2017 04:44:17 +0000 (UTC)

GitHub user arunmahadevan opened a pull request:

    https://github.com/apache/storm/pull/2169

    [STORM-2563] Remove the workaround to handle missing UGI.loginUserFromSubject

    https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java#L225

    The "userCons.setAccessible(true)" invokes constructor of a package private class bypassing the Java access control checks and raising red flags in our internal security scans.

    The "loginUserFromSubject(Subject subject)" has been added to UGI (https://issues.apache.org/jira/browse/HADOOP-10164) and available since Hadoop version 2.3 released over three years ago (http://hadoop.apache.org/releases.html).

    I think the workaround is no longer required since the case will not happen when using hadoop-common versions >= 2.3

    @revans2, could you take a look?

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/arunmahadevan/storm STORM-2563

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/storm/pull/2169.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2169

----
commit 2fac9787c711ee30145c4275547629394df1c67b
Author: Arun Mahadevan
Date:   2017-06-21T04:41:36Z

    [STORM-2563] Remove the workaround to handle missing UGI.loginUserFromSubject

    https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java#L225

    The "userCons.setAccessible(true)" invokes constructor of a package private class bypassing the Java access control checks and raising red flags in our internal security scans.
    The "loginUserFromSubject(Subject subject)" has been added to UGI (https://issues.apache.org/jira/browse/HADOOP-10164) and available since Hadoop version 2.3 released over three years ago (http://hadoop.apache.org/releases.html).

    I think the workaround is no longer required since the case will not happen when using hadoop-common versions >= 2.3

----
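
Added example, not part of the pull request or of the Storm code base: one way to call the public UGI.loginUserFromSubject(Subject) without any setAccessible(true) fallback, failing closed when hadoop-common is absent or older than 2.3. The class and method names (UgiSubjectLogin, resolveLogin, login) are hypothetical, and the code assumes Hadoop is an optional runtime dependency that is looked up by class name.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import javax.security.auth.Subject;

// Added example; UgiSubjectLogin, resolveLogin and login are hypothetical names.
public final class UgiSubjectLogin {
    private static final String UGI_CLASS =
            "org.apache.hadoop.security.UserGroupInformation";

    // Assumption: Hadoop is an optional runtime dependency, so it is resolved by name.
    static Method resolveLogin(ClassLoader loader) {
        try {
            Class<?> ugi = Class.forName(UGI_CLASS, false, loader);
            // getMethod() only returns public members, so the JVM's normal
            // access checks stay in force and setAccessible(true) is never needed.
            Method login = ugi.getMethod("loginUserFromSubject", Subject.class);
            if (!Modifier.isStatic(login.getModifiers())) {
                throw new IllegalStateException("unexpected non-static " + login);
            }
            return login;
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("hadoop-common is not on the classpath", e);
        } catch (NoSuchMethodException e) {
            // Older than 2.3: stop here instead of falling back to opening up
            // a non-public constructor through reflection.
            throw new IllegalStateException(
                    "hadoop-common >= 2.3 is required for loginUserFromSubject", e);
        }
    }

    // Logs in with the given JAAS Subject through the public API only.
    static void login(Subject subject) throws Exception {
        resolveLogin(UgiSubjectLogin.class.getClassLoader()).invoke(null, subject);
    }

    public static void main(String[] args) {
        try {
            Method m = resolveLogin(UgiSubjectLogin.class.getClassLoader());
            System.out.println("using " + m);
        } catch (IllegalStateException e) {
            System.out.println("refusing to start: " + e.getMessage());
        }
    }
}
```

Run without Hadoop on the classpath, main reports the missing dependency and exits cleanly; with hadoop-common 2.3 or later it prints the resolved method.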