[
https://issues.apache.org/jira/browse/NIFI-4323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16309028#comment-16309028
]
ASF GitHub Bot commented on NIFI-4323:
--------------------------------------
Github user risdenk commented on the issue:
https://github.com/apache/nifi/pull/2360
Change looks very promising. I'm a huge +1 for removing the explicit
relogin thread and corresponding relogin interval setting. The wrapping in doas
also matches the doas code that Elasticsearch uses the the HDFS snapshot
repository.
For the `-Djavax.security.auth.useSubjectCredsOnly=true` recommendation, is
this just to ensure that this is never set to `false`? I thought the default
was `true` anyway. Is there a known case where this is set to false by default?
> Get/List/DeleteHDFS processors should use UGI.doAs when invoking HDFS
> operations
> --------------------------------------------------------------------------------
>
> Key: NIFI-4323
> URL: https://issues.apache.org/jira/browse/NIFI-4323
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.3.0
> Reporter: Jeff Storck
> Assignee: Jeff Storck
>
> While the Get/List/DeleteHDFS processors are working without wrapping HDFS
> operations in UGI.doAs calls, for best practice, those operations should be
> performed as PrivilegedExceptionActions supplied to the UGI.doAs method.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
