[
https://issues.apache.org/jira/browse/HDFS-2246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13109649#comment-13109649
]
Suresh Srinivas commented on HDFS-2246:
---------------------------------------
bq. Passing the block token means we can still check block access based on HDFS
permissions, and run as separate principals.
The reason I removed this check is, the new method that is added currently is
for short circuit reads only. It is allowed only for a user (same as datanode)
and only over kerberos auth if security enabled. I like to start with such
restrictions, making the API useful only for short circuit reads. Adding
additional token based access is not adding much here and seems redundant.
Also note my previous comment:
bq. getBlockPathInfo() is authorized using block token. This makes the use of
cache for block to path info confusing. A cache could be added an entry based
on one token and an access to the cache using another token finds the cached
path info.
> Shortcut a local client reads to a Datanodes files directly
> -----------------------------------------------------------
>
> Key: HDFS-2246
> URL: https://issues.apache.org/jira/browse/HDFS-2246
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Sanjay Radia
> Attachments: 0001-HDFS-347.-Local-reads.patch, HDFS-2246.20s.1.patch,
> HDFS-2246.20s.2.txt, HDFS-2246.20s.3.txt, HDFS-2246.20s.4.txt,
> HDFS-2246.20s.patch, localReadShortcut20-security.2patch
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
