When running an embedded ThriftServer, use User.runAs() to allow it to run as a
separate principal from the embedding region server
-----------------------------------------------------------------------------------------------------------------------------------
Key: HBASE-4475
URL: https://issues.apache.org/jira/browse/HBASE-4475
Project: HBase
Issue Type: Improvement
Components: security, thrift
Reporter: Gary Helmling
As discussed over in HBASE-4460, the current approach to ThriftServer
authentication (provided in HBASE-4099) will not work in an embedded context,
since the region server will already does a login for the process.
We could make the embedded thrift server still run as a separate user, though,
by doing something like the following:
* add a {{User.loginAndReturnUser()}} variant that delegates to
{{UserGroupInformation.loginUserFromKeytabAndReturnUGI()}}, then returns a
wrapping {{User}} instance
* call this method on startup for the embedded thrift server to get the thrift
user instance
* use {{User.runAs()}} to execute the body of {{HRegionThriftServer.run()}} as
the logged in thrift user
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
