[
https://issues.apache.org/jira/browse/HBASE-10439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14142709#comment-14142709
]
Aditya Kishore commented on HBASE-10439:
----------------------------------------
This seems to be partially incorrect
Adding the following configuration to {{hbase-site.xml}} has no effect
{code}
<property>
<name>hadoop.proxyuser.$USER.groups</name>
<value>$GROUPS</value>
</property>
<property>
<name>hadoop.proxyuser.$USER.hosts</name>
<value>$GROUPS</value>
</property>
{code}
as {{ProxyUsers.authorize()}} internally calls
[refreshSuperUserGroupsConfiguration()|https://github.com/apache/hadoop-common/blob/branch-2.4/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java#L52]
which initializes proxy configuration from the default HBase configuration
files (and HBase configuration files are never added to the static default
configuration source list).
To workaround this, user must add these to one of the hadoop default properties
(core-site.xml).
We can fix this by calling
{{ProxyUsers.refreshSuperUserGroupsConfiguration(conf);}} in the REST server
initialization code, where {{conf}} is created as {{Configuration conf =
HBaseConfiguration.create();}}.
Does it make sense? If yes, will create a JIRA and attach the patch.
> Document how to configure REST server impersonation
> ---------------------------------------------------
>
> Key: HBASE-10439
> URL: https://issues.apache.org/jira/browse/HBASE-10439
> Project: HBase
> Issue Type: Task
> Components: documentation
> Reporter: Jimmy Xiang
> Assignee: Jimmy Xiang
> Priority: Minor
> Fix For: 0.99.0
>
> Attachments: hbase-10439.patch
>
>
> In 0.96, REST server supports impersonation. Let's document how to configure
> it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
