[
https://issues.apache.org/jira/browse/HBASE-14169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14709813#comment-14709813
]
Elliott Clark commented on HBASE-14169:
---------------------------------------
bq.That's implementation detail tho not a contract?
Nope that's the public api of ProxyUsers. It's in the name of the method, in
the parameters, and in the static un-extendable code.
If there's some company specific ImpersonationProvider that does different
things then having ProxyUsers.refreshSuperUserGroupsConfiguration tied to
reloading config won't be harmful at all. However for most other users it will
be better to not have two different things that reload the config as
refreshSuperUserGroupsConfiguration always reloads the config anyway.
{code}
public static void refreshSuperUserGroupsConfiguration(Configuration conf)
{code}
> API to refreshSuperUserGroupsConfiguration
> ------------------------------------------
>
> Key: HBASE-14169
> URL: https://issues.apache.org/jira/browse/HBASE-14169
> Project: HBase
> Issue Type: New Feature
> Reporter: Francis Liu
> Assignee: Francis Liu
> Attachments: HBASE-14169.patch, HBASE-14169_2.patch,
> HBASE-14169_3.patch
>
>
> For deployments that use security. User impersonation (AKA doAs()) is needed
> for some services (ie Stargate, thriftserver, Oozie, etc). Impersonation
> definitions are defined in a xml config file and read and cached by the
> ProxyUsers class. Calling this api will refresh cached information,
> eliminating the need to restart the master/regionserver whenever the
> configuration is changed.
> Implementation just adds another method to AccessControlService.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
