You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Gary Helmling (JIRA)" <ji...@apache.org> on 2013/11/05 23:58:17 UTC

[jira] [Created] (HBASE-9897) Clean up some security configuration checks in LoadIncrementalHFiles

Gary Helmling created HBASE-9897:
------------------------------------

             Summary: Clean up some security configuration checks in LoadIncrementalHFiles
                 Key: HBASE-9897
                 URL: https://issues.apache.org/jira/browse/HBASE-9897
             Project: HBase
          Issue Type: Task
          Components: security
            Reporter: Gary Helmling


In LoadIncrementalHFiles, use of SecureBulkLoadClient is conditioned on UserProvider.isHBaseSecurityEnabled() in a couple of places.  However, use of secure bulk loading seems to be required more by use of HDFS secure authentication, instead of HBase secure authentication.  It should be possible to use secure bulk loading, as long as SecureBulkLoadEndpoint is loaded, and HDFS secure authentication is enabled, regardless of the HBase authentication configuration.

In addition, SecureBulkLoadEndpoint does a direct check on permissions by referencing AccessController loaded on the same region, i.e.:
{code}
      getAccessController().prePrepareBulkLoad(env);
{code}

It seems like this will throw an NPE if AccessController is not configured.  We need an additional null check to handle this case gracefully.



--
This message was sent by Atlassian JIRA
(v6.1#6144)