Sushanth Sowmyan created HIVE-5989:
--------------------------------------
Summary: Hive metastore authorization check is not threadsafe
Key: HIVE-5989
URL: https://issues.apache.org/jira/browse/HIVE-5989
Project: Hive
Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Sushanth Sowmyan
Assignee: Sushanth Sowmyan
Metastore-side authorization has a couple of pretty important threadsafety bugs
in it:
a) The HiveMetastoreAuthenticated instantiated by the
AuthorizationPreEventListener is static. This is a premature optimization and
incorrect, as it will result in Authenticator implementations that store state
potentially giving an incorrect result, and this bug very much exists with the
DefaultMetastoreAuthenticator.
b) It assumes HMSHandler.getHiveConf() is itself going to be thread-safe, which
it is not. HMSHandler.getConf() is the appropriate thread-safe equivalent.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
