[HADOOP-6951] Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.22.0
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

Because the protocol -> ACL mapping in ServiceAuthorizationManager is static, services which are run in the same JVM have the potential to clobber the other's service authorization ACLs whenever ServiceAuthorizationManager.refresh() is called. This causes authorization failures if one tries to launch a 2NN connected to a minicluster with hadoop.security.authorization enabled. Seems like each service should have its own instance of a ServiceAuthorizationManager, instead of using static methods.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

hadoop-6951.2.txt
21/Sep/10 23:43
6 kB
Aaron Myers
hadoop-6951.1.txt
15/Sep/10 20:57
5 kB
Aaron Myers
hadoop-6951.txt.0
15/Sep/10 01:21
5 kB
Aaron Myers

Issue Links

incorporates

HDFS-1399 Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies

Closed

MAPREDUCE-2067 Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies

Closed

Activity

People

Assignee:: Aaron Myers

Reporter:: Aaron Myers

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/Sep/10 18:55

Updated:: 12/Dec/11 06:20

Resolved:: 30/Sep/10 00:14