[
https://issues.apache.org/jira/browse/HADOOP-12529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985986#comment-14985986
]
Chris Nauroth commented on HADOOP-12529:
----------------------------------------
Clarifying my earlier comment, I didn't mean to suggest that we should
immediately close this as Won't Fix. If there is an opportunity to optimize
for proxy users at our layer and prevent the need for downstream applications
to build a cache, then that's helpful for the whole ecosystem.
However, this is such a sensitive piece of logic that I'd want to see a
diligent review across the ecosystem to check for mutable usage of proxy user
UGI instances. I'd also want to see a thorough code review from multiple
committers. I would not advocate committing a patch for this unless people are
willing to put in that effort.
To summarize, I see the proposal as potentially helpful, but also highly risky.
Thanks!
> UserGroupInformation equals method depend on the subject object address
> -----------------------------------------------------------------------
>
> Key: HADOOP-12529
> URL: https://issues.apache.org/jira/browse/HADOOP-12529
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.7.1
> Reporter: wangwenli
>
> my question is why UserGroupInformation equals method depend on the
> subject object?
> try below code which is extract from HiveMetaStore:
> {code:title=TestUgi.java|borderStyle=solid}
> UserGroupInformation clientUgi = null;
> UserGroupInformation clientUgi2 = null;
> try {
> clientUgi = UserGroupInformation.createProxyUser("user2",
> UserGroupInformation.getLoginUser());
> clientUgi2 = UserGroupInformation.createProxyUser("user2",
> UserGroupInformation.getLoginUser());
> if (clientUgi.equals(clientUgi2)) {
> System.out.println("==");
> } else {
> System.out.println("!="); // strangely this will be hit
> }
> } catch (IOException e1) {
> e1.printStackTrace();
> }
> {code}
> i found that it is because the equal method from UserGroupInformation
> is compare on subject object ref : subject == ((UserGroupInformation)
> o).subject; .
> as you know, ipc.Client connect to namenode,
> connections.get(ConnectionId) this code will try to reuse the same socket
> to namenode, but because of ConnectionId's equal depend on ugi equal, which
> will cause connections.get(ConnectionId) cann't get the same socket,
> suppose many connect to HiveMetaStore, then many connection to Namenode will
> established.
> so my doubts is why UserGroupInformation is compare on subject object
> ref : subject == ((UserGroupInformation) o).subject, it should compare on
> subject's principal, am i right?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
