[ https://issues.apache.org/jira/browse/HIVE-5635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874499#comment-13874499 ]
shanyu zhao commented on HIVE-5635: ----------------------------------- Hi [~ekoifman], any reason you used 2 nested ugi.doAs()? Isn't 1 doAs() enough? > WebHCatJTShim23 ignores security/user context > --------------------------------------------- > > Key: HIVE-5635 > URL: https://issues.apache.org/jira/browse/HIVE-5635 > Project: Hive > Issue Type: Bug > Components: WebHCat > Affects Versions: 0.12.0 > Reporter: Eugene Koifman > Assignee: Eugene Koifman > Fix For: 0.13.0 > > Attachments: HIVE-5635.2.patch, HIVE-5635.3.patch, HIVE-5635.patch > > > WebHCatJTShim23 takes UserGroupInformation object as argument (which > represents the user make the call to WebHCat or doAs user) but ignores. > WebHCatJTShim20S uses the UserGroupInformation > This is inconsistent and may be a security hole because in with Hadoop 2 the > methods on WebHCatJTShim are likely running with 'hcat' as the user context. -- This message was sent by Atlassian JIRA (v6.1.5#6160)