joshelser commented on a change in pull request #884: HBASE-23347 Allowable
custom authentication methods for RPCs
URL: https://github.com/apache/hbase/pull/884#discussion_r359000668
##########
File path:
hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcConnection.java
##########
@@ -216,16 +152,16 @@ public void run(Timeout timeout) throws Exception {
System.arraycopy(HConstants.RPC_HEADER, 0, preamble, 0, rpcHeaderLen);
preamble[rpcHeaderLen] = HConstants.RPC_CURRENT_VERSION;
synchronized (this) {
- preamble[rpcHeaderLen + 1] = authMethod.code;
+ preamble[rpcHeaderLen + 1] = provider.getSaslAuthMethod().getCode();
}
return preamble;
}
protected ConnectionHeader getConnectionHeader() {
- ConnectionHeader.Builder builder = ConnectionHeader.newBuilder();
+ final ConnectionHeader.Builder builder = ConnectionHeader.newBuilder();
builder.setServiceName(remoteId.getServiceName());
- UserInformation userInfoPB;
- if ((userInfoPB = getUserInfo(remoteId.ticket.getUGI())) != null) {
+ final UserInformation userInfoPB =
provider.getUserInfo(remoteId.ticket.getUGI());
Review comment:
Heh, I struggled with how to capture this in an interface. This boils down
to getting the "real user" from UGI.
The intent is meant to be: if your authentication method support some kind
of "user proxying" implementation, please return the user who was involved with
the authentication (e.g. the one that provided credentials), not any proxy user
that may be riding on "top" of the real user.
I don't like this interface, but I'm not sure how to better abstract it at
this point.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
