[ https://issues.apache.org/jira/browse/HBASE-19334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263996#comment-16263996 ]
Guanghao Zhang commented on HBASE-19334:
----------------------------------------

Add an initial 001 patch. The old method will pass an ACL table to AccessControlLists and then close it. But the caller will close it too. In the 001 patch, all addUserPermission/removeUserPermission have two methods. One needs the caller to pass a connection. The connection should be closed by the caller. Another one needs the caller to pass a Configuration, and then creates a new connection by ConnectionFactory. The new connection is not short-circuited, so it can be used in AccessController's User.runAsLoginUser.

> User.runAsLoginUser not work in AccessController because it use a short circuited connection
> --------------------------------------------------------------------------------------------
>
>                 Key: HBASE-19334
>                 URL: https://issues.apache.org/jira/browse/HBASE-19334
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Guanghao Zhang
>            Assignee: Guanghao Zhang
>         Attachments: HBASE-19334.master.001.patch
>
>
> The short-circuited connection will bypass the RPC and the RPC context didn't change. So it still uses the old RPC user to write the ACL table and User.runAsLoginUser does not work.
> AccessController's grant method.
> {code}
>         User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
>           @Override
>           public Void run() throws Exception {
>             // regionEnv is set at #start. Hopefully not null at this point.
>             try (Table table = regionEnv.getConnection().
>                 getTable(AccessControlLists.ACL_TABLE_NAME)) {
>               AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm, table,
>                   request.getMergeExistingPermissions());
>             }
>             return null;
>           }
>         });
> {code}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
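
The behaviour described in this issue, as an added example that is not part of the original message and is not HBase code: a simplified model in which a per-thread RPC call context decides which user a write is attributed to. All class, field and method names and the users "alice" and "hbase" are hypothetical. The short-circuited write is attributed to the original requester, while the write sent over a separate connection is attributed to the login user.

```java
import java.util.concurrent.Callable;

// Simplified model with hypothetical names; not HBase code.
public class ShortCircuitModel {
    // RPC call context of the handler thread: the user whose request is being served.
    static final ThreadLocal<String> RPC_USER = new ThreadLocal<>();
    static final String LOGIN_USER = "hbase";   // constructed login (service) user
    static String currentUser = "unset";        // identity a client call is sent as

    // Server-side ACL write: attributed to the RPC user when a call context exists.
    static String handleAclWrite() {
        String rpcUser = RPC_USER.get();
        return rpcUser != null ? rpcUser : currentUser;
    }

    // Models User.runAsLoginUser: the action runs with the login user as current user.
    static String runAsLoginUser(Callable<String> action) throws Exception {
        String saved = currentUser;
        currentUser = LOGIN_USER;
        try {
            return action.call();
        } finally {
            currentUser = saved;
        }
    }

    // Short-circuited connection: calls the handler on the same thread, bypassing RPC,
    // so the call context still names the original requester.
    static String shortCircuitWrite() {
        return handleAclWrite();
    }

    // Regular connection: the request is served on another handler thread whose
    // call context is set from the sender's identity.
    static String rpcWrite() throws InterruptedException {
        final String sender = currentUser;
        final String[] seen = new String[1];
        Thread handler = new Thread(() -> {
            RPC_USER.set(sender);
            seen[0] = handleAclWrite();
        });
        handler.start();
        handler.join();
        return seen[0];
    }

    public static void main(String[] args) throws Exception {
        RPC_USER.set("alice"); // constructed: this thread is serving alice's grant request
        System.out.println("short-circuited: " + runAsLoginUser(ShortCircuitModel::shortCircuitWrite));
        System.out.println("new connection:  " + runAsLoginUser(ShortCircuitModel::rpcWrite));
    }
}
```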