Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6951

Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.22.0
    • security
    • None
    • Reviewed

    Description

      Because the protocol -> ACL mapping in ServiceAuthorizationManager is static, services which are run in the same JVM have the potential to clobber the other's service authorization ACLs whenever ServiceAuthorizationManager.refresh() is called. This causes authorization failures if one tries to launch a 2NN connected to a minicluster with hadoop.security.authorization enabled. Seems like each service should have its own instance of a ServiceAuthorizationManager, instead of using static methods.

      Attachments

        1. hadoop-6951.2.txt
          6 kB
          Aaron Myers
        2. hadoop-6951.1.txt
          5 kB
          Aaron Myers
        3. hadoop-6951.txt.0
          5 kB
          Aaron Myers

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            atm Aaron Myers
            atm Aaron Myers
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment