Stephen O'Donnell created HDFS-16259:
----------------------------------------
Summary: Catch and re-throw sub-classes of AccessControlException
thrown by any permission provider plugins (eg Ranger)
Key: HDFS-16259
URL: https://issues.apache.org/jira/browse/HDFS-16259
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Reporter: Stephen O'Donnell
Assignee: Stephen O'Donnell
When a permission provider plugin is enabled (eg Ranger) there are some
scenarios where it can throw a sub-class of an AccessControlException (eg
RangerAccessControlException). If this exception is allowed to propagate up the
stack, it can give problems in the HDFS Client, when it unwraps the remote
exception containing the AccessControlException sub-class.
Ideally, we should make AccessControlException final so it cannot be
sub-classed, but that would be a breaking change at this point. Therefore I
believe the safest thing to do, is to catch any AccessControlException that
comes out of the permission enforcer plugin, and re-throw an
AccessControlException instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
