[
https://issues.apache.org/jira/browse/HBASE-19093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16260927#comment-16260927
]
Chia-Ping Tsai commented on HBASE-19093:
----------------------------------------
bq. The SecurableHook annotation is a good idea, but since we have pre and post
methods, we should not expect that both of them are implemented.
What about adding the annotation to only the pre methods? Or we can add the
annotation to the methods which won't be checked by {{AccessController}}. i try
to avoid that someone adds the new hook without security check in the future.
> Check Admin/Table to ensure all operations go via AccessControl
> ---------------------------------------------------------------
>
> Key: HBASE-19093
> URL: https://issues.apache.org/jira/browse/HBASE-19093
> Project: HBase
> Issue Type: Sub-task
> Reporter: stack
> Assignee: Balazs Meszaros
> Priority: Blocker
> Fix For: 2.0.0-beta-1
>
> Attachments: HBASE-19093.master.001.patch,
> HBASE-19093.master.002.patch, RegionObserver.txt
>
>
> A cursory review of Admin Interface has a bunch of methods as open, with out
> AccessControl checks. For example, procedure executor has not check on it.
> This issue is about given the Admin and Table Interfaces a once-over to see
> what is missing and to fill in access control where missing.
> This is a follow-on from work over in HBASE-19048
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
