[
https://issues.apache.org/jira/browse/HADOOP-12389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736596#comment-14736596
]
Steve Loughran commented on HADOOP-12389:
-----------------------------------------
Maybe it was accidental. Example, a service like hdfs gets an incoming request
from the hdfs principal. It doesn't make sense to have some code like
{code}
if (!ugi.getCurrentUser().equals(ugi.getRealUser() { UGI.createProxyUser(...)}
{code}
that only creates two code paths, and requires whoever is writing the security
code to consider this use case.
> allow self-impersonation
> ------------------------
>
> Key: HADOOP-12389
> URL: https://issues.apache.org/jira/browse/HADOOP-12389
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Allen Wittenauer
>
> This is kind of dumb:
> org.apache.hadoop.security.authorize.AuthorizationException: User: aw is not
> allowed to impersonate aw
> Users should be able to impersonate themselves in secure and non-secure cases
> automatically, for free.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
