[ https://issues.apache.org/jira/browse/HBASE-5371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enis Soztutar updated HBASE-5371:
---------------------------------
Attachment: HBASE-5371-addendum_v1.patch
>From my testing and understanding from the code, the version defined by the
>coprocessor is not checked in the invocation code path. So the version defined
>in AccessControllerProtocol is not relevant anyway. We can file a new jira for
>version checking, but since we are going to work on wire compatibility for
>coprocessors, let's wait on that for now.
I am attaching a patch which decreases the version back to 1. I have tested
adding a new method to the client, and invoking the old server, and the method
invocation throws NoSuchMethodException wrapped around
RetriesExhaustedException. Applying this patch to trunk, and pushing both of
these to 0.92.1 seems fine to me. wdyt?
{code}
org.apache.hadoop.hbase.client.RetriesExhaustedException: Failed after attempts=10, exceptions:
Tue Feb 21 18:04:37 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:38 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:39 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:40 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:42 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:44 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:48 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:04:52 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:05:00 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
Tue Feb 21 18:05:16 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
at org.apache.hadoop.hbase.client.ServerCallable.withRetries(ServerCallable.java:183)
at org.apache.hadoop.hbase.ipc.ExecRPCInvoker.invoke(ExecRPCInvoker.java:79)
at $Proxy2.shinyNewMethod(Unknown Source)
at org.apache.hadoop.hbase.NewMethodTest.main(NewMethodTest.java:36)
{code}
@Andrew an alternate strategy would be for the client to actually perform an
operation and see whether it fails or not. But to do that, the client has to
create a dummy table, or put a dummy value, etc, which seems very dangerous.
Throwing NoSuchMethod seems more appropriate to me, if the server does not
support the call.
> Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons)
> API
> --------------------------------------------------------------------------------
>
> Key: HBASE-5371
> URL: https://issues.apache.org/jira/browse/HBASE-5371
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.92.1
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
> Fix For: 0.94.0
>
> Attachments: HBASE-5371-addendum_v1.patch, HBASE-5371_v2.patch,
> HBASE-5371_v3-noprefix.patch, HBASE-5371_v3.patch
>
>
> We need to introduce something like
> AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so
> that clients can check access rights before carrying out the operations. We
> need this kind of operation for HCATALOG-245, which introduces authorization
> providers for hbase over hcat. We cannot use getUserPermissions() since it
> requires ADMIN permissions on the global/table level.
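An added example, not part of the original message or of HBase's code: one way a client could tell the "old server lacks the method" failure shown in the trace apart from other RPC failures, and deny the operation in both cases rather than proceed unchecked. It uses only JDK classes; `PermissionProbe`, `classify`, `decide` and the sample exceptions are hypothetical and constructed for illustration.

```java
import java.io.IOException;

// Added illustration; PermissionProbe and its members are hypothetical names,
// not HBase APIs. Only JDK classes are used so the file runs on its own.
public class PermissionProbe {

    enum Outcome { SERVER_LACKS_METHOD, OTHER_FAILURE }

    // Walk the cause chain. In the trace above the server-side
    // NoSuchMethodException arrives as text inside an IOException message,
    // so messages are inspected as well as exception types.
    static Outcome classify(Throwable failure, String methodName) {
        String marker = NoSuchMethodException.class.getName();
        int depth = 0; // bound the walk in case of a cyclic cause chain
        for (Throwable t = failure; t != null && depth < 32; t = t.getCause(), depth++) {
            if (t instanceof NoSuchMethodException) {
                return Outcome.SERVER_LACKS_METHOD;
            }
            String msg = t.getMessage();
            if (msg != null && msg.contains(marker)
                    && msg.contains("." + methodName + "(")) {
                return Outcome.SERVER_LACKS_METHOD;
            }
        }
        return Outcome.OTHER_FAILURE;
    }

    // Fail closed: a permission check that could not run is never a grant.
    static String decide(Throwable failure, String methodName) {
        return classify(failure, methodName) == Outcome.SERVER_LACKS_METHOD
                ? "DENY: server does not implement " + methodName + ", do not retry"
                : "DENY: check failed for another reason, retry later";
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the message text in the trace above.
        Throwable oldServer = new RuntimeException("Failed after attempts=10",
                new IOException("java.io.IOException: java.lang.NoSuchMethodException: "
                        + "org.apache.hadoop.hbase.security.access."
                        + "AccessControllerProtocol.shinyNewMethod()"));
        // Constructed sample of an unrelated transport failure.
        Throwable network = new IOException("Connection refused");

        System.out.println(decide(oldServer, "shinyNewMethod"));
        System.out.println(decide(network, "shinyNewMethod"));
    }
}
```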