You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2019/01/13 05:29:00 UTC
[jira] [Created] (SENTRY-2486) Wrong user name when sentry
HMSFollower gets full snapshot from HMS at insecure mode
Na Li created SENTRY-2486:
-----------------------------
Summary: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
Key: SENTRY-2486
URL: https://issues.apache.org/jira/browse/SENTRY-2486
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 2.2.0
Reporter: Na Li
Assignee: Na Li
In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS.
The user name should be "sentry" instead of current login user.
The followiong code shows how current login user name is used when subject is null.
In UserGroupInformation, if the context does not have subject, the getLoginUser()
@Public
@Evolving
public static UserGroupInformation getCurrentUser() throws IOException {
AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);
return subject != null && !subject.getPrincipals(User.class).isEmpty() ? new UserGroupInformation(subject) : getLoginUser();
}
This issue should not happen in production because secure mode is always used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)