[ https://issues.apache.org/jira/browse/NIFI-4323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16302189#comment-16302189 ]

ASF GitHub Bot commented on NIFI-4323:
--------------------------------------

Github user joewitt commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2360#discussion_r158575727
  
    --- Diff: 
nifi-nar-bundles/nifi-extension-utils/nifi-hadoop-utils/src/main/java/org/apache/nifi/hadoop/SecurityUtil.java
 ---
    @@ -51,7 +50,8 @@ public static synchronized UserGroupInformation 
loginKerberos(final Configuratio
             Validate.notNull(keyTab);
     
             UserGroupInformation.setConfiguration(config);
    -        return 
UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal.trim(), 
keyTab.trim());
    +        UserGroupInformation.loginUserFromKeytab(principal.trim(), 
keyTab.trim());
    --- End diff --
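
Review bot: The added `UserGroupInformation.loginUserFromKeytab(principal.trim(), keyTab.trim());` call needs a comment at the call site saying why it replaces `loginUserFromKeytabAndReturnUGI`, because the two calls look interchangeable and a later cleanup could swap the old one back in. `loginUserFromKeytab` also sets the process-wide login user instead of handing back an independent UGI, so the Javadoc on `loginKerberos` should state that each call replaces the login user for every component in the JVM; the `synchronized` modifier on the method serializes the calls but does not keep different principals apart. The quoted lines drop the `return`, and the hunk header (-51,7 +50,8) implies one more added line than is shown here, so confirm that line returns the UGI that callers are expected to pass to `doAs`.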
    
    I think we should document in bold language precisely why this change is so critical. That the method that was being used did not set the static loginContext in the UGI object meant that its utility once a relogin/expiry hits was nearly nil is critical and we should document this foreverever.


> Get/List/DeleteHDFS processors should use UGI.doAs when invoking HDFS 
> operations
> --------------------------------------------------------------------------------
>
>                 Key: NIFI-4323
>                 URL: https://issues.apache.org/jira/browse/NIFI-4323
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.3.0
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>
> While the Get/List/DeleteHDFS processors are working without wrapping HDFS 
> operations in UGI.doAs calls, for best practice, those operations should be 
> performed as PrivilegedExceptionActions supplied to the UGI.doAs method.


