You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by re...@apache.org on 2020/04/09 08:46:29 UTC
[hbase] branch branch-2.2 updated: HBASE-24121 [Authorization]
ServiceAuthorizationManager isn't dynamically updatable. And it should be
(#1439)
This is an automated email from the ASF dual-hosted git repository.
reidchan pushed a commit to branch branch-2.2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.2 by this push:
new c99e644 HBASE-24121 [Authorization] ServiceAuthorizationManager isn't dynamically updatable. And it should be (#1439)
c99e644 is described below
commit c99e6446141d9f69b2c9368fcc923c148ade0fc2
Author: Reid Chan <re...@apache.org>
AuthorDate: Thu Apr 9 16:28:22 2020 +0800
HBASE-24121 [Authorization] ServiceAuthorizationManager isn't dynamically updatable. And it should be (#1439)
Signed-off-by: Bharath Vissapragada <bh...@apache.org>
Signed-off-by: Michael Stack <st...@apache.org>
Conflicts:
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
---
.../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 84c78d6..74a96f9 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -49,6 +49,7 @@ import org.apache.hadoop.hbase.nio.ByteBuff;
import org.apache.hadoop.hbase.nio.MultiByteBuff;
import org.apache.hadoop.hbase.nio.SingleByteBuff;
import org.apache.hadoop.hbase.regionserver.RSRpcServices;
+import org.apache.hadoop.hbase.security.HBasePolicyProvider;
import org.apache.hadoop.hbase.security.SaslUtil;
import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
import org.apache.hadoop.hbase.security.User;
@@ -59,6 +60,7 @@ import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.PolicyProvider;
+import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
@@ -336,6 +338,14 @@ public abstract class RpcServer implements RpcServerInterface,
if (scheduler instanceof ConfigurationObserver) {
((ConfigurationObserver) scheduler).onConfigurationChange(newConf);
}
+ // Make sure authManager will read hbase-policy file
+ System.setProperty("hadoop.policy.file", "hbase-policy.xml");
+ synchronized (authManager) {
+ authManager.refresh(newConf, new HBasePolicyProvider());
+ }
+ LOG.info("Refreshed hbase-policy.xml successfully");
+ ProxyUsers.refreshSuperUserGroupsConfiguration(newConf);
+ LOG.info("Refreshed super and proxy users successfully");
}
protected void initReconfigurable(Configuration confToLoad) {