You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2022/06/16 18:29:00 UTC

[jira] [Resolved] (HBASE-9897) Clean up some security configuration checks in LoadIncrementalHFiles

     [ https://issues.apache.org/jira/browse/HBASE-9897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Kyle Purtell resolved HBASE-9897.
----------------------------------------
    Resolution: Incomplete

> Clean up some security configuration checks in LoadIncrementalHFiles
> --------------------------------------------------------------------
>
>                 Key: HBASE-9897
>                 URL: https://issues.apache.org/jira/browse/HBASE-9897
>             Project: HBase
>          Issue Type: Task
>          Components: security
>            Reporter: Gary Helmling
>            Priority: Major
>
> In LoadIncrementalHFiles, use of SecureBulkLoadClient is conditioned on UserProvider.isHBaseSecurityEnabled() in a couple of places.  However, use of secure bulk loading seems to be required more by use of HDFS secure authentication, instead of HBase secure authentication.  It should be possible to use secure bulk loading, as long as SecureBulkLoadEndpoint is loaded, and HDFS secure authentication is enabled, regardless of the HBase authentication configuration.
> In addition, SecureBulkLoadEndpoint does a direct check on permissions by referencing AccessController loaded on the same region, i.e.:
> {code}
>       getAccessController().prePrepareBulkLoad(env);
> {code}
> It seems like this will throw an NPE if AccessController is not configured.  We need an additional null check to handle this case gracefully.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)