[
https://issues.apache.org/jira/browse/HADOOP-7070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12974322#action_12974322
]
Owen O'Malley commented on HADOOP-7070:
---------------------------------------
Todd, this looks like the right direction. In the future, you should copy the
issue into Hadoop's jira instead of just posting a link to Cloudera's jira.
About the patch, it seems like if you are setting up this kind of chaining, you
should have a way of unregistering the configuration when the app is unloaded.
(Although I don't have any experience with Glassfish...)
> JAAS configuration should delegate unknown application names to pre-existing
> configuration
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-7070
> URL: https://issues.apache.org/jira/browse/HADOOP-7070
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.22.0, 0.23.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
> Attachments: hadoop-7070.txt, hadoop-7070.txt
>
>
> As reported here: https://issues.cloudera.org/browse/DISTRO-66 it is
> impossible to use secured Hadoop inside an application that relies on other
> JAAS configurations. This is because the static initializer of
> UserGroupInformation replaces the JAAS configuration, but we don't delegate
> unknown applications up to whatever Configuration was installed previously.
> The delegation technique seems to be used by JBoss's XMLLoginConfigImpl for
> example.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
