[jira] Issue Comment Edited: (HADOOP-2683) Provide a way to specifiy login out side an RPC

[Konstantin Shvachko (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-2683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12568697#action_12568697
 ] 

shv edited comment on HADOOP-2683 at 2/13/08 2:57 PM:
----------------------------------------------------------------------

I'd prefer if we could get rid of Server.getUserInfo().
Current code and the proposed patch need to call Server.getUserInfo() even if 
there is no RPC and therefore no Server.
Instead the Server should set UserGroupInformation.currentUGI before executing 
the call.
The name-node will call UserGroupInformation.getCurrentUGI() instead 
Server.getUserInfo().
If currentUGI = null the PermissionChecker should throw AccessControlException.
I think we should not automatically assume superuser privileges when currentUGI 
is null.
In case of non-RPC calls to name-node methods the caller should explicitly 
invoke UserGroupInformation.setCurrentUGI(..).
It could be done once per thread and should not make calls inefficient.


      was (Author: shv):
    I'd prefer if we could get rid of Server.getUserInfo().
Current code and the proposed patch need to call Server.getUserInfo() even if 
there is no RPC and therefore no Server.
Instead the Server should set UserGroupInformation.currentUGI before executing 
the call.
The name-node will call UserGroupInformation.getCurrentUGI() instead 
Server.getUserInfo().
If currentUGI = null the PermissionChecker should throw AccessControlException.
I think we should not automatically assume super privileges currentUGI is null.
In case of non-RPC calls to name-node methods the caller should explicitly 
invoke UserGroupInformation.setCurrentUGI(..).
It could be done once per thread and should not make calls inefficient.

  
> Provide a way to specifiy login out side an RPC
> -----------------------------------------------
>
>                 Key: HADOOP-2683
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2683
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: dfs
>    Affects Versions: 0.16.0
>            Reporter: Raghu Angadi
>            Assignee: Tsz Wo (Nicholas), SZE
>            Priority: Blocker
>             Fix For: 0.16.1
>
>         Attachments: 2683_20080211.patch, 2683_20080211b.patch, 
> 2683_20080212.patch, 2683_20080213.patch
>
>
> Requirements AFIK :
> It is required in some special cases (benchmarks etc) to invoke NameNode 
> functionality without an RPC. For this users should be able to set user 
> information that is otherwise available only an RPC.
> Patch for HADOOP-1298 includes a change to Server.java so that 
> {{Server.getUserInfo()}} does not need to in an RPC. This probably will be 
> replaced by patch here. 
> Please include any other Jira's that depend on this.
> Proposed fix:
> - UserGroupInformation becomes an abstract class
> - public static UserGroupInformation.getUserInfo() is added. which usually 
> just returns Server.getUserInfo();
> - public static UserGroupInformation.setUserInfo(UserGroupInformation) sets  
> a thread local that will returned if Server.getUserInfo() returns null. 
> - all invocations of Server.getUserInfo() will be replaced by 
> UserGroupInformation.getUserInfo().

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.