[
https://issues.apache.org/jira/browse/HBASE-14686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14972198#comment-14972198
]
Enis Soztutar commented on HBASE-14686:
---------------------------------------
Yep, this is good. A subtask can be to come up with an IT suite for end-to-end
negative and positive testing of the ACL matrix. HBASE-14605, HBASE-14631
cannot be unit tested easily.
> Ensure authoritative security coprocessors execute in the correct context
> -------------------------------------------------------------------------
>
> Key: HBASE-14686
> URL: https://issues.apache.org/jira/browse/HBASE-14686
> Project: HBase
> Issue Type: Umbrella
> Reporter: Andrew Purtell
>
> In deployments using security coprocessors, those using preXXX hooks expect
> to make authoritative decisions with all information available to them in the
> execution context including the request user. Where users can issue requests
> in a RPC context separate from the context where the work will be performed,
> we need to carry the request user's credentials through up to the coprocessor
> upcall once we finally make it.
> This has been an occasional issue as various parts of the code are
> refactored. Revisit again.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
