lujiefsi edited a comment on pull request #2809: URL: https://github.com/apache/hbase/pull/2809#issuecomment-751138386
It seems that everything is ok, The only question is can we add the fix for [HBASE-25441](https://issues.apache.org/jira/browse/HBASE-25441) in this pull reqeust? Then I want to summay the reason why previous UT fails, hope this can help others who write UT about AccessController. 1. In the first version, I use _'TEST_UTIL.getHbck'_ to get client: _'getHbck'_, then use its '_getConnection_' to obtain the connection(**be careful here**). This connection is _systemUserConnection_(see TestAccessController#278), that means if you use this connection, the user passed to RPCServer are always the system user, i.e. who run the UT, hence permission check are always passed. 2. In the second version, i use _ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()_ to obtain the connection and use this connection to gain the hbck, i can pass the user who really call the command to RPCServer. Checking the test log we can see that _AccessDeniedException_ is thrown, But UT still can not see it. After checking the code, i found that the exception **are warped into _RemoteWithExtrasException_** who are not handled in method _SecureTestUtil@verifyDenied_.. Other UT call the command on RPCServer directly, not through the RPC, so they do not meet this problem. In future, if we want to add more test about RPC security, we need address this problem. I have fixed this bug in this pull request by unwaping the _RemoteWithExtrasException_. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org