anmolnar commented on code in PR #6447:
URL: https://github.com/apache/hbase/pull/6447#discussion_r1846909017
##########
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java:
##########
@@ -366,13 +366,16 @@ public void processOneRpc(ByteBuff buf) throws
IOException, InterruptedException
processConnectionHeader(buf);
callCleanupIfNeeded();
this.connectionHeaderRead = true;
+ this.rpcServer.getRpcCoprocessorHost().preAuthorizeConnection();
if (rpcServer.needAuthorization() && !authorizeConnection()) {
// Throw FatalConnectionException wrapping ACE so client does right
thing and closes
// down the connection instead of trying to read non-existent retun.
throw new AccessDeniedException("Connection from " + this + " for
service "
+ connectionHeader.getServiceName() + " is unauthorized for user: "
+ ugi);
}
this.user = this.rpcServer.userProvider.create(this.ugi);
+ this.rpcServer.getRpcCoprocessorHost().postAuthorizeConnection(
+ this.user != null ? this.user.getName() : null,
this.clientCertificateChain);
Review Comment:
That makes sense too to me. I'll make this change too.
But:
Isn't that a problem to introduce too many dependencies required to pull in
by coprocessors?
`User` is in `hbase-common`, `ConnectionHeader` is in
`hbase-protocol-shaded`, the implementor has to reference all these to compile
the co-proc, but since they're generic hbase projects, it might not be a
problem at all. I'm not sure.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
