Arun Mahadevan created STORM-2563:
-------------------------------------
Summary: Remove the workaround to handle missing
UGI.loginUserFromSubject
Key: STORM-2563
URL: https://issues.apache.org/jira/browse/STORM-2563
Project: Apache Storm
Issue Type: Bug
Reporter: Arun Mahadevan
Assignee: Arun Mahadevan
https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java#L225
The "userCons.setAccessible(true)" invokes constructor of a package private
class bypassing the Java access control checks and raising red flags in our
internal security scans.
The "loginUserFromSubject(Subject subject)" has been added to UGI
(https://issues.apache.org/jira/browse/HADOOP-10164) and available since Hadoop
version 2.3 released over three years ago
(http://hadoop.apache.org/releases.html).
I think the workaround is no longer required since the case will not happen
when using hadoop-common versions >= 2.3
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
