Dian Fu created HADOOP-11337:
--------------------------------
Summary: KeyAuthorizationKeyProvider#doAccessCheck should throw
exception when metadata for the specified key is null
Key: HADOOP-11337
URL: https://issues.apache.org/jira/browse/HADOOP-11337
Project: Hadoop Common
Issue Type: Bug
Reporter: Dian Fu
In {{KeyAuthorizationKeyProvider#getMetadata}}, if firstly call
{{KeyAuthorizationKeyProvider#doAccessCheck}} to check if client has the
permission to do this operation. However, if the metadata is null when
{{KeyAuthorizationKeyProvider#doAccessCheck}} is called and becomes not null
after {{KeyAuthorizationKeyProvider#doAccessCheck}} called, key based ACL check
will be skipped. It should throw an exception if metadata is null in
{{KeyAuthorizationKeyProvider#doAccessCheck}}.
{code}
public Metadata getMetadata(String name) throws IOException {
doAccessCheck(name, KeyOpType.READ);
return provider.getMetadata(name);
}
private void doAccessCheck(String keyName, KeyOpType opType) throws
IOException {
Metadata metadata = provider.getMetadata(keyName);
if (metadata != null) {
String aclName = metadata.getAttributes().get(KEY_ACL_NAME);
checkAccess((aclName == null) ? keyName : aclName, getUser(), opType);
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
