[
https://issues.apache.org/jira/browse/HBASE-19334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16264996#comment-16264996
]
Guanghao Zhang commented on HBASE-19334:
----------------------------------------
bq. when short circuit connection is been used, the user is changing depending
on target server or which API is been used.
If the target server is the local RS, we still can't change the user to super
user which started RS process? But if call User.runAsLoginUser, I thought we
should change the user, but need take a try for this. I don't know if it is
possible...
> User.runAsLoginUser not work in AccessController because it use a short
> circuited connection
> --------------------------------------------------------------------------------------------
>
> Key: HBASE-19334
> URL: https://issues.apache.org/jira/browse/HBASE-19334
> Project: HBase
> Issue Type: Bug
> Reporter: Guanghao Zhang
> Assignee: Guanghao Zhang
> Attachments: HBASE-19334.master.001.patch
>
>
> The short-circuited connection will bypass the RPC and the RPC context didn't
> change. So it still use the old RPC user to write ACL table and
> User.runAsLoginUser not work.
> AccessController's grant method.
> {code}
> User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
> @Override
> public Void run() throws Exception {
> // regionEnv is set at #start. Hopefully not null at this point.
> try (Table table = regionEnv.getConnection().
> getTable(AccessControlLists.ACL_TABLE_NAME)) {
>
> AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm,
> table,
> request.getMergeExistingPermissions());
> }
> return null;
> }
> });
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
