[
https://issues.apache.org/jira/browse/HBASE-15577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15227855#comment-15227855
]
chenxu commented on HBASE-15577:
--------------------------------
hi, Yu Li
it's a good advice to return Ids.OPEN_ACL_UNSAFE in the catch block.
the reason why of the HMaster.MASTER & HRegionServer.REGIONSERVER not used is
because of
hbase-client has no dependency on the hbase-server, ZooKeeperWatcher.java is in
the hbase-client module
and HMaster.java/HRegionServer.java is in the hbase-server module.
besides this, the client just need some auth to read the ZK's node, but can't
modify them.
so only when the identifier is a Server(HMaster or RegionServer), the auth can
assign to it.
> there need be a mechanism to enable ZK's ACL check when the authentication
> strategy is simple
> ---------------------------------------------------------------------------------------------
>
> Key: HBASE-15577
> URL: https://issues.apache.org/jira/browse/HBASE-15577
> Project: HBase
> Issue Type: Improvement
> Affects Versions: 1.1.3
> Reporter: chenxu
> Assignee: chenxu
> Attachments: HBASE-15577.patch, zk-set-acl.patch
>
>
> if the hbase.security.authentication is set to simple, the ZKUtil.createACL
> just return Ids.OPEN_ACL_UNSAFE, means that there is no ACL check on the ZK's
> node.
> we can refactoring this to enables the ACL's check function
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
