You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by Erik Bengtson <er...@jpox.org> on 2009/11/27 10:14:04 UTC
running hbase client with a security manager activated causes
security exceptions
Hi,
A DataNucleus, HBase user posted this:
http://www.jpox.org/servlet/forum/viewthread_thread,5869
He is having trouble to run DataNucleus HBase in a JVM running with
security manager activated.
The permission required for the codebase is a SocketPermission,
however the HBase client api does not run in a privileged block.
To workaround we've added the doPrivileged block in DataNucleus, and
the user grants datanucleus-hbase jar the SocketPermission.
However, I think you should add these doPrivileged blocks to HBase
code. Could you please look at these, and let me know when it's
solved, so we can remove the doPrivileged blocks from DataNucleus
code?
Re: running hbase client with a security manager activated causes
security exceptions
Posted by Erik Bengtson <er...@jpox.org>.
Maybe the bug is inside the Hadoop code (NetUtils class), and not in
Hbase, but it really needs someone with knowledge and time to look at
this. Meanwhile, at least in datanucleus, if the user grants
datanucleus-hbase socket permissions the application will run.
Re: running hbase client with a security manager activated causes
security exceptions
Posted by Ryan Rawson <ry...@gmail.com>.
The bug is in there, despite your "demand" that we fix it, hopefully
at some point someone with the interest and skill will pick it up and
submit a patch.
Thanks for the report,
-ryan
On Fri, Nov 27, 2009 at 1:50 AM, Erik Bengtson <er...@jpox.org> wrote:
> Reported here: https://issues.apache.org/jira/browse/HBASE-2015
>
> Sadly, HBase codebase is too large and complex, so I cannot pretend to
> provide any patch.
>
> Running the setupIOstreams method in a doPrivileged block is a begin.
>
> http://svn.apache.org/viewvc/hadoop/hbase/trunk/src/java/org/apache/hadoop/hbase/ipc/HBaseClient.java?revision=826569&view=markup
>
Re: running hbase client with a security manager activated causes
security exceptions
Posted by Erik Bengtson <er...@jpox.org>.
Reported here: https://issues.apache.org/jira/browse/HBASE-2015
Sadly, HBase codebase is too large and complex, so I cannot pretend to
provide any patch.
Running the setupIOstreams method in a doPrivileged block is a begin.
http://svn.apache.org/viewvc/hadoop/hbase/trunk/src/java/org/apache/hadoop/hbase/ipc/HBaseClient.java?revision=826569&view=markup
Re: running hbase client with a security manager activated causes
security exceptions
Posted by Ryan Rawson <ry...@gmail.com>.
Hi,
Thanks for your concern about potential flaws in HBase. I would like
to point your attention to this page:
http://wiki.apache.org/hadoop/Hbase/HowToContribute
Feel free to file a JIRA at: https://issues.apache.org/jira/browse/HBASE
And once you have a solution we would be happy to review any patches
you provide.
Thanks,
-ryan
On Fri, Nov 27, 2009 at 1:14 AM, Erik Bengtson <er...@jpox.org> wrote:
> Hi,
>
> A DataNucleus, HBase user posted this:
> http://www.jpox.org/servlet/forum/viewthread_thread,5869
>
> He is having trouble to run DataNucleus HBase in a JVM running with
> security manager activated.
>
> The permission required for the codebase is a SocketPermission,
> however the HBase client api does not run in a privileged block.
>
> To workaround we've added the doPrivileged block in DataNucleus, and
> the user grants datanucleus-hbase jar the SocketPermission.
>
> However, I think you should add these doPrivileged blocks to HBase
> code. Could you please look at these, and let me know when it's
> solved, so we can remove the doPrivileged blocks from DataNucleus
> code?
>