[ https://issues.apache.org/jira/browse/HBASE-19334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16264933#comment-16264933 ]

Anoop Sam John commented on HBASE-19334:
----------------------------------------

Ah sorry.  The CP path gets the user from RpcServer#getRequestUser() which is a 
thread local based get.  On reqs to other servers only the user is getting 
passed from the connection user.  Should we fix the actual problem rather than 
fixing the AC case alone? I mean when a short circuit connection is being used, 
the user is changing depending on target server or which API is being used. 
Should we try for a fix on that? Possible?

> User.runAsLoginUser not work in AccessController because it use a short 
> circuited connection
> --------------------------------------------------------------------------------------------
>
>                 Key: HBASE-19334
>                 URL: https://issues.apache.org/jira/browse/HBASE-19334
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Guanghao Zhang
>            Assignee: Guanghao Zhang
>         Attachments: HBASE-19334.master.001.patch
>
>
> The short-circuited connection will bypass the RPC and the RPC context didn't 
> change. So it still uses the old RPC user to write the ACL table and 
> User.runAsLoginUser does not work.
> AccessController's grant method.
> {code}
>         User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
>           @Override
>           public Void run() throws Exception {
>             // regionEnv is set at #start. Hopefully not null at this point.
>             try (Table table = regionEnv.getConnection().
>                 getTable(AccessControlLists.ACL_TABLE_NAME)) {
>               AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm, table,
>                   request.getMergeExistingPermissions());
>             }
>             return null;
>           }
>         });
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
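
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not HBase code: a simplified model in which a server-side check reads the caller from a thread-local RPC context, so a same-thread short-circuit call still sees the original RPC user while a call to another server sees the connection user. All class and method names are hypothetical, the login user is assumed to be "hbase", and `runAsLoginUserScoped` is one possible approach in this model, not the attached patch.

```java
import java.util.Optional;
import java.util.concurrent.Callable;

// Simplified model; every name here is hypothetical, not HBase code.
public class ShortCircuitIdentityDemo {
    // Stands in for the per-thread RPC call context that holds the request user.
    static final ThreadLocal<String> RPC_USER = new ThreadLocal<>();
    // Stands in for the identity switched by a runAsLoginUser-style helper.
    static final ThreadLocal<String> EFFECTIVE_USER = ThreadLocal.withInitial(() -> "hbase");

    // Server-side handler: prefers the RPC request user when one is present.
    static String aclWriteSeenAs() {
        return Optional.ofNullable(RPC_USER.get()).orElseGet(EFFECTIVE_USER::get);
    }

    // Switches only the effective user; the RPC thread-local is left untouched.
    static <T> T runAsLoginUser(Callable<T> action) throws Exception {
        String prev = EFFECTIVE_USER.get();
        EFFECTIVE_USER.set("hbase");
        try { return action.call(); } finally { EFFECTIVE_USER.set(prev); }
    }

    // Same, but also hides the RPC caller for the duration of the action.
    static <T> T runAsLoginUserScoped(Callable<T> action) throws Exception {
        String caller = RPC_USER.get();
        RPC_USER.remove();
        try { return runAsLoginUser(action); } finally { RPC_USER.set(caller); }
    }

    // Short-circuit call: invokes the handler directly on the caller's thread.
    static String shortCircuitCall() { return aclWriteSeenAs(); }

    // Remote call: the handler runs on another thread whose RPC user is the connection user.
    static String remoteCall(String connectionUser) throws Exception {
        String[] seen = new String[1];
        Thread t = new Thread(() -> { RPC_USER.set(connectionUser); seen[0] = aclWriteSeenAs(); });
        t.start();
        t.join();
        return seen[0];
    }

    public static void main(String[] args) throws Exception {
        RPC_USER.set("alice"); // constructed sample: an RPC from user "alice" is being handled
        System.out.println("short-circuit: " + runAsLoginUser(ShortCircuitIdentityDemo::shortCircuitCall));
        System.out.println("remote:        " + runAsLoginUser(() -> remoteCall(EFFECTIVE_USER.get())));
        System.out.println("scoped:        " + runAsLoginUserScoped(ShortCircuitIdentityDemo::shortCircuitCall));
    }
}
```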
