[
https://issues.apache.org/jira/browse/HBASE-24190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
zhangbuzhang updated HBASE-24190:
---------------------------------
Description:
In hbase-20586 (https://issues.apache.org/jira/browse/HBASE-20586)
(commit_sha: [https://github.com/apache/hbase/commit/cd61bcc0] )
The code added
([SyncTable.java|https://github.com/apache/hbase/commit/cd61bcc0#diff-d1b79635f33483bf6226609e91fd1cc3])
for the use of *hbase.security.authentication* is case-sensitive. So users
setting it to “KERBEROS” won’t take effect.
private void initCredentialsForHBase(String zookeeper, Job job) throws
IOException {
Configuration peerConf = HBaseConfiguration.createClusterConf(job
.getConfiguration(), zookeeper);
if(peerConf.get("hbase.security.authentication").equals("kerberos")){
TableMapReduceUtil.initCredentialsForCluster(job, peerConf);
}
}
However, in current code base, other uses of *hbase.security.authentication*
are all case-insensitive. For example in *MasterFileSystem.java.*
public MasterFileSystem(Configuration conf) throws IOException {
...
this.isSecurityEnabled =
"kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication"));
...
}
Users may misconfigured the parameter because of the case-senstive problem.
*How To Fix*
Using *eqaulsIgnoreCase* API consistently in every place when using
*hbase.security.authentication* or make it clear in Doc. (Current doc doesn't
mention it clearly)
was:
In hbase-20586 (https://issues.apache.org/jira/browse/HBASE-20586)
(commit_sha: [https://github.com/apache/hbase/commit/cd61bcc0] )
The code added
([SyncTable.java|https://github.com/apache/hbase/commit/cd61bcc0#diff-d1b79635f33483bf6226609e91fd1cc3])
for the use of *hbase.security.authentication* is case-sensitive. So users
setting it to “KERBEROS” won’t take effect.
!截屏2020-04-14下午7.57.45.png|width=531,height=176!
However, in current code base, other uses of *hbase.security.authentication*
are all case-insensitive. For example in *MasterFileSystem.java.*
public MasterFileSystem(Configuration conf) throws IOException
{ ... this.isSecurityEnabled =
"kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")); ... }
The doc in GitHub repo is also misleading
Users may misconfigured the parameter because of the case-senstive problem.
*How To Fix*
Using *eqaulsIgnoreCase* API consistently in every place when using
*hbase.security.authentication* or make it clear in Doc. (Current doc doesn't
mention it clearly)
> Case-sensitive use of configuration parameter hbase.security.authentication
> ---------------------------------------------------------------------------
>
> Key: HBASE-24190
> URL: https://issues.apache.org/jira/browse/HBASE-24190
> Project: HBase
> Issue Type: Bug
> Components: conf
> Reporter: zhangbuzhang
> Priority: Major
>
> In hbase-20586 (https://issues.apache.org/jira/browse/HBASE-20586)
> (commit_sha: [https://github.com/apache/hbase/commit/cd61bcc0] )
> The code added
> ([SyncTable.java|https://github.com/apache/hbase/commit/cd61bcc0#diff-d1b79635f33483bf6226609e91fd1cc3])
> for the use of *hbase.security.authentication* is case-sensitive. So users
> setting it to “KERBEROS” won’t take effect.
>
> private void initCredentialsForHBase(String zookeeper, Job job) throws
> IOException {
> Configuration peerConf = HBaseConfiguration.createClusterConf(job
> .getConfiguration(), zookeeper);
> if(peerConf.get("hbase.security.authentication").equals("kerberos")){
> TableMapReduceUtil.initCredentialsForCluster(job, peerConf);
> }
> }
> However, in current code base, other uses of *hbase.security.authentication*
> are all case-insensitive. For example in *MasterFileSystem.java.*
> public MasterFileSystem(Configuration conf) throws IOException {
> ...
> this.isSecurityEnabled =
> "kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication"));
> ...
> }
> Users may misconfigured the parameter because of the case-senstive problem.
> *How To Fix*
> Using *eqaulsIgnoreCase* API consistently in every place when using
> *hbase.security.authentication* or make it clear in Doc. (Current doc doesn't
> mention it clearly)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
