smengcl commented on a change in pull request #1801:
URL: https://github.com/apache/ozone/pull/1801#discussion_r566750353
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMDBCheckpointServlet.java
##########
@@ -106,6 +139,35 @@ public void doGet(HttpServletRequest request,
HttpServletResponse response) {
return;
}
+ // Check ACL for dbCheckpoint only when global Ozone ACL is enable
+ if (om.getAclsEnabled()) {
+ final java.security.Principal userPrincipal = request.getUserPrincipal();
+ if (userPrincipal == null) {
+ // Fallback to checking login user if getUserPrincipal returns null.
+ // Note: In prod, a secure cluster with Kerberos should not hit this
+ // branch. This is mostly here for UT and dev testing.
+ final String remoteUser = request.getRemoteUser();
Review comment:
should be fine as the string isn't deferenced. just printed in the log.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
