Gary Helmling created HBASE-16141:
-------------------------------------
Summary: Unwind use of UserGroupInformation.doAs() to convey
requester identity in coprocessor upcalls
Key: HBASE-16141
URL: https://issues.apache.org/jira/browse/HBASE-16141
Project: HBase
Issue Type: Improvement
Components: Coprocessors, security
Reporter: Gary Helmling
Assignee: Gary Helmling
Fix For: 2.0.0, 1.4.0
In discussion on HBASE-16115, there is some discussion of whether
UserGroupInformation.doAs() is the right mechanism for propagating the original
requester's identify in certain system contexts (splits, compactions, some
procedure calls). It has the unfortunately of overriding the current user,
which makes for very confusing semantics for coprocessor implementors. We
should instead find an alternate mechanism for conveying the caller identity,
which does not override the current user context.
I think we should instead look at passing this through as part of the
ObserverContext passed to every coprocessor hook.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
