You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2012/05/30 23:20:15 UTC

svn commit: r1344471 - in /hbase/branches/0.92: CHANGES.txt src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java

Author: stack
Date: Wed May 30 21:20:14 2012
New Revision: 1344471

URL: http://svn.apache.org/viewvc?rev=1344471&view=rev
Log:
HBASE-6068 Secure HBase cluster : Client not able to call some admin APIs

Modified:
    hbase/branches/0.92/CHANGES.txt
    hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java

Modified: hbase/branches/0.92/CHANGES.txt
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/CHANGES.txt?rev=1344471&r1=1344470&r2=1344471&view=diff
==============================================================================
--- hbase/branches/0.92/CHANGES.txt (original)
+++ hbase/branches/0.92/CHANGES.txt Wed May 30 21:20:14 2012
@@ -77,6 +77,7 @@ Release 0.92.2 - Unreleased
    HBASE-6126  Fix broke TestLocalHBaseCluster in 0.92/0.94
    HBASE-6133  TestRestartCluster failing in 0.92
    HBASE-6124  Backport HBASE-6033 to 0.90, 0.92 and 0.94 (Jimmy Xiang)
+   HBASE-6068  Secure HBase cluster : Client not able to call some admin APIs (Matteo Bertozzi)
 
   IMPROVEMENTS
    HBASE-5592  Make it easier to get a table from shell (Ben West)

Modified: hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java?rev=1344471&r1=1344470&r2=1344471&view=diff
==============================================================================
--- hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java (original)
+++ hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java Wed May 30 21:20:14 2012
@@ -711,10 +711,15 @@ public class ZKUtil {
 
   private static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node) {
     if (isSecureZooKeeper(zkw.getConfiguration())) {
-      // Certain znodes must be readable by non-authenticated clients
-      if ((node.equals(zkw.rootServerZNode) == true) ||
+      // Certain znodes are accessed directly by the client,
+      // so they must be readable by non-authenticated clients
+      if ((node.equals(zkw.baseZNode) == true) ||
+          (node.equals(zkw.rootServerZNode) == true) ||
           (node.equals(zkw.masterAddressZNode) == true) ||
-          (node.equals(zkw.clusterIdZNode) == true)) {
+          (node.equals(zkw.clusterIdZNode) == true) ||
+          (node.equals(zkw.rsZNode) == true) ||
+          (node.equals(zkw.backupMasterAddressesZNode) == true) ||
+          (node.startsWith(zkw.tableZNode) == true)) {
         return ZooKeeperWatcher.CREATOR_ALL_AND_WORLD_READABLE;
       }
       return Ids.CREATOR_ALL_ACL;