HBase
  1. HBase
  2. HBASE-5305 Improve cross-version compatibility & upgradeability
  3. HBASE-5732

Remove the SecureRPCEngine and merge the security-related logic in the core engine

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.95.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727.

      1. rpcengine-merge.patch
        275 kB
        Devaraj Das
      2. rpcengine-merge.3.patch
        349 kB
        Devaraj Das
      3. rpcengine-merge.4.patch
        354 kB
        Devaraj Das
      4. 5732-rpcengine-merge.7.patch
        352 kB
        Ted Yu
      5. rpcengine-merge.9.patch
        357 kB
        Devaraj Das
      6. rpcengine-merge.10.patch
        358 kB
        Devaraj Das
      7. rpcengine-merge.11.patch
        357 kB
        Devaraj Das
      8. 5732-rpcengine-merge.11.patch
        357 kB
        Ted Yu
      9. rpcengine-merge.12.patch
        357 kB
        Devaraj Das
      10. 5732-rpcengine-merge.12.patch
        357 kB
        Ted Yu

        Issue Links

          Activity

          Hide
          stack added a comment -

          Marking closed.

          Show
          stack added a comment - Marking closed.
          Hide
          Devaraj Das added a comment -

          Recent trunk build failure was caused by an empty file which should have been deleted from source repo

          My fault. I forgot to 'svn remove' the file before generating the patch. Thanks, Ted for fixing the build.

          Show
          Devaraj Das added a comment - Recent trunk build failure was caused by an empty file which should have been deleted from source repo My fault. I forgot to 'svn remove' the file before generating the patch. Thanks, Ted for fixing the build.
          Hide
          Hudson added a comment -

          Integrated in HBase-TRUNK #2870 (See https://builds.apache.org/job/HBase-TRUNK/2870/)
          HBASE-5732 Remove empty file: hadoop/hbase/ipc/ConnectionHeader.java which caused rat check to fail (Revision 1337440)

          Result = FAILURE
          tedyu :
          Files :

          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
          Show
          Hudson added a comment - Integrated in HBase-TRUNK #2870 (See https://builds.apache.org/job/HBase-TRUNK/2870/ ) HBASE-5732 Remove empty file: hadoop/hbase/ipc/ConnectionHeader.java which caused rat check to fail (Revision 1337440) Result = FAILURE tedyu : Files : /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
          Hide
          Ted Yu added a comment -

          Recent trunk build failure was caused by an empty file which should have been deleted from source repo:

          $ ls -l src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
          -rw-r--r--  1 zhihyu  110088321  0 May 11 17:04 src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
          

          From https://builds.apache.org/view/G-L/view/HBase/job/HBase-TRUNK/2868/artifact/trunk/target/rat.txt:

          Printing headers for files without AL header...
           
           
           =======================================================================
           ==src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
          

          I have removed this file from trunk.

          Show
          Ted Yu added a comment - Recent trunk build failure was caused by an empty file which should have been deleted from source repo: $ ls -l src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java -rw-r--r-- 1 zhihyu 110088321 0 May 11 17:04 src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java From https://builds.apache.org/view/G-L/view/HBase/job/HBase-TRUNK/2868/artifact/trunk/target/rat.txt: Printing headers for files without AL header... ======================================================================= ==src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java I have removed this file from trunk.
          Hide
          Hudson added a comment -

          Integrated in HBase-TRUNK #2865 (See https://builds.apache.org/job/HBase-TRUNK/2865/)
          HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine; I MISSED A FEW DELETES – REMOVE SECURITY DIR (Revision 1337399)
          HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine; I MISSED A FEW DELETES (Revision 1337398)
          HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine (Revision 1337396)

          Result = FAILURE
          stack :
          Files :

          • /hbase/trunk/security

          stack :
          Files :

          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureConnectionHeader.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureRpcEngine.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token

          stack :
          Files :

          • /hbase/trunk/pom.xml
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java
          • /hbase/trunk/security/src/test
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java
          • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java
          • /hbase/trunk/src/main/protobuf/RPC.proto
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
          • /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java
          • /hbase/trunk/src/test/resources/hbase-site.xml
          Show
          Hudson added a comment - Integrated in HBase-TRUNK #2865 (See https://builds.apache.org/job/HBase-TRUNK/2865/ ) HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine; I MISSED A FEW DELETES – REMOVE SECURITY DIR (Revision 1337399) HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine; I MISSED A FEW DELETES (Revision 1337398) HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine (Revision 1337396) Result = FAILURE stack : Files : /hbase/trunk/security stack : Files : /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureConnectionHeader.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureRpcEngine.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token stack : Files : /hbase/trunk/pom.xml /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java /hbase/trunk/security/src/test /hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java /hbase/trunk/src/main/protobuf/RPC.proto /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java /hbase/trunk/src/test/resources/hbase-site.xml
          Hide
          Devaraj Das added a comment -

          Thanks, Stack, Andrew and Ted.. I'll take care of the follow-ups.

          Show
          Devaraj Das added a comment - Thanks, Stack, Andrew and Ted.. I'll take care of the follow-ups.
          Hide
          stack added a comment -

          Committed to trunk. Thanks for the patch DD. Thanks for reviews Ted and Andrew and for helping steer it in.

          DD, please add the issues for what we need to include from hadoop. This issue also needs a fat release note. You might also checkout the doc we have in the manual, the new security chapter, to see if anything has changed regards security post-commit.

          Good stuff.

          Show
          stack added a comment - Committed to trunk. Thanks for the patch DD. Thanks for reviews Ted and Andrew and for helping steer it in. DD, please add the issues for what we need to include from hadoop. This issue also needs a fat release note. You might also checkout the doc we have in the manual, the new security chapter, to see if anything has changed regards security post-commit. Good stuff.
          Hide
          Ted Yu added a comment -

          Patch v12 is ready for integration.

          Show
          Ted Yu added a comment - Patch v12 is ready for integration.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12526466/5732-rpcengine-merge.12.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 37 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526466/5732-rpcengine-merge.12.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//console This message is automatically generated.
          Hide
          Ted Yu added a comment -

          Re-attaching patch v12.

          Show
          Ted Yu added a comment - Re-attaching patch v12.
          Hide
          Ted Yu added a comment -

          Reattaching patch v12 would allow Hadoop QA to rerun the tests.

          We can also run test suite ourselves and observe if there is any hanging unit test(s).

          Show
          Ted Yu added a comment - Reattaching patch v12 would allow Hadoop QA to rerun the tests. We can also run test suite ourselves and observe if there is any hanging unit test(s).
          Hide
          Devaraj Das added a comment -

          There are actually no unit test failures (when i look at the console). Not sure why hadoopqa gave a -1.

          Show
          Devaraj Das added a comment - There are actually no unit test failures (when i look at the console). Not sure why hadoopqa gave a -1.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12526450/rpcengine-merge.12.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 37 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests:

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526450/rpcengine-merge.12.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//console This message is automatically generated.
          Hide
          Devaraj Das added a comment -

          This is the patch that I just uploaded on RB. The patch still applies. Would appreciate a review/commit round on this

          Ted, yes, I'll look for security fixes over in Hadoop that HBase should be caring about. Thanks for the pointers.

          Show
          Devaraj Das added a comment - This is the patch that I just uploaded on RB. The patch still applies. Would appreciate a review/commit round on this Ted, yes, I'll look for security fixes over in Hadoop that HBase should be caring about. Thanks for the pointers.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/
          -----------------------------------------------------------

          (Updated 2012-05-10 23:19:45.031886)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Changes
          -------

          Upon testing with with a mapreduce job (PerformanceEvaluation.java), I found a bug to do with delegation tokens. This patch fixes that.

          Summary
          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.
          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs (updated)


          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1336441
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1336441

          Diff: https://reviews.apache.org/r/4953/diff

          Testing
          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-10 23:19:45.031886) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes ------- Upon testing with with a mapreduce job (PerformanceEvaluation.java), I found a bug to do with delegation tokens. This patch fixes that. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1336441 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Ted Yu added a comment -

          @Devaraj:
          I found the following JIRAs related to relogin:
          HADOOP-6559 The RPC client should try to re-login when it detects that the TGT expired
          HADOOP-6706 Relogin behavior for RPC clients could be improved
          HADOOP-7930 Kerberos relogin interval in UserGroupInformation should be configurable

          Please create JIRAs to port relevant ones over and link them to this JIRA.

          Thanks

          Show
          Ted Yu added a comment - @Devaraj: I found the following JIRAs related to relogin: HADOOP-6559 The RPC client should try to re-login when it detects that the TGT expired HADOOP-6706 Relogin behavior for RPC clients could be improved HADOOP-7930 Kerberos relogin interval in UserGroupInformation should be configurable Please create JIRAs to port relevant ones over and link them to this JIRA. Thanks
          Hide
          Ted Yu added a comment -

          In most recent PreCommit run:

          Running org.apache.hadoop.hbase.replication.TestReplication
          Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 151.199 sec
          

          The failed tests themselves have been flaky.

          @Stack, @Andy:
          Do you want to take another look ?

          Show
          Ted Yu added a comment - In most recent PreCommit run: Running org.apache.hadoop.hbase.replication.TestReplication Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 151.199 sec The failed tests themselves have been flaky. @Stack, @Andy: Do you want to take another look ?
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12526283/5732-rpcengine-merge.11.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 37 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests:
          org.apache.hadoop.hbase.TestDrainingServer

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526283/5732-rpcengine-merge.11.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.TestDrainingServer Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//console This message is automatically generated.
          Hide
          Ted Yu added a comment -

          Re-attaching patch v11.

          Show
          Ted Yu added a comment - Re-attaching patch v11.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12526266/rpcengine-merge.11.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 37 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests:
          org.apache.hadoop.hbase.replication.TestReplication

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526266/rpcengine-merge.11.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.replication.TestReplication Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//console This message is automatically generated.
          Hide
          Devaraj Das added a comment -

          Ok, here it is. I removed the updates to the policy file and to the corresponding keys in HBasePolicyProvider.java. Other than that, no change.

          Show
          Devaraj Das added a comment - Ok, here it is. I removed the updates to the policy file and to the corresponding keys in HBasePolicyProvider.java. Other than that, no change.
          Hide
          Ted Yu added a comment -

          @Devaraj:
          I think punting this particular change to another JIRA should be Okay.

          Show
          Ted Yu added a comment - @Devaraj: I think punting this particular change to another JIRA should be Okay.
          Hide
          Devaraj Das added a comment -

          Good points, Ted. Maybe we should punt on these changes to another jira since the patch here is not directly concerned with these names... Thoughts? (I'll then submit a revised patch)

          Show
          Devaraj Das added a comment - Good points, Ted. Maybe we should punt on these changes to another jira since the patch here is not directly concerned with these names... Thoughts? (I'll then submit a revised patch)
          Hide
          Ted Yu added a comment -

          For this change:

          -    <name>security.client.protocol.acl</name>
          +    <name>security.hbase.client.protocol.acl</name>
          

          the same entry (security.client.protocol.acl) is in conf/hbase-policy.xml of 0.94 branch. We should deprecate the this entry in 0.94, right ?

          The other two entries in hbase-policy.xml start with 'security.' instead of 'security.hbase.'
          I wonder if the three entries should be treated in the same manner.

          Show
          Ted Yu added a comment - For this change: - <name>security.client.protocol.acl</name> + <name>security.hbase.client.protocol.acl</name> the same entry (security.client.protocol.acl) is in conf/hbase-policy.xml of 0.94 branch. We should deprecate the this entry in 0.94, right ? The other two entries in hbase-policy.xml start with 'security.' instead of 'security.hbase.' I wonder if the three entries should be treated in the same manner.
          Hide
          Devaraj Das added a comment -

          Patch with the last set of comments incorporated.

          Show
          Devaraj Das added a comment - Patch with the last set of comments incorporated.
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > Mostly +1. A couple of minor comments, one question on API annotation.

          Thanks, Andrew.

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 677

          > <https://reviews.apache.org/r/4953/diff/4/?file=107883#file107883line677>

          >

          > Do we have a testcase for relogin?

          >

          > In our production with the older implementation of secure HBase RPC, we see swarms of GSS initiaition failure due to missing TGT for 5-10 seconds, and we speculate this is a race around relogin.

          It's not straightforward to write a testcase for the security APIs, unfortunately. I'd propose we open a jira for the relogin issue (over in hadoop, iirc, we've fixed some issues to do with relogin races in the recent past; we should put the fixes here)...

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1328

          > <https://reviews.apache.org/r/4953/diff/4/?file=107884#file107884line1328>

          >

          > Debug logging should be wrapped in a conditional, no biggie.

          Done.

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1937

          > <https://reviews.apache.org/r/4953/diff/4/?file=107884#file107884line1937>

          >

          > This is probably just going to add noise.

          Removed.

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java, line 35

          > <https://reviews.apache.org/r/4953/diff/4/?file=107889#file107889line35>

          >

          > Maybe should be "security.hbase.*", what do you think?

          This is how it is in the current trunk. But yeah, makes sense to have the key as "security.hbase.*".

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java, line 94

          > <https://reviews.apache.org/r/4953/diff/4/?file=107890#file107890line94>

          >

          > It might be better to say 'Kerberos principal does not have the expected format'

          Done.

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 53

          > <https://reviews.apache.org/r/4953/diff/4/?file=107892#file107892line53>

          >

          > Should this be Public+Evolving?

          Done. Although I was wondering whether it makes sense to have it as Private+Evolving. But if it is currently used by apps outside the core of hbase, it makes sense to have it as Public+Evolving..

          On 2012-05-09 18:02:12, Andrew Purtell wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml, line 126

          > <https://reviews.apache.org/r/4953/diff/4/?file=107918#file107918line126>

          >

          > Why this change? Unrelated junk from other work?

          In the hbase-site.xml of security/src/test/resources, this block of configuration was there. Now that there is a single profile, I thought I should not lose this and added this in the src/test/resources/hbase-site.xml..

          • Devaraj

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7738
          -----------------------------------------------------------

          On 2012-05-09 23:03:45, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-09 23:03:45)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/conf/hbase-policy.xml 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-09 18:02:12, Andrew Purtell wrote: > Mostly +1. A couple of minor comments, one question on API annotation. Thanks, Andrew. On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java , line 677 > < https://reviews.apache.org/r/4953/diff/4/?file=107883#file107883line677 > > > Do we have a testcase for relogin? > > In our production with the older implementation of secure HBase RPC, we see swarms of GSS initiaition failure due to missing TGT for 5-10 seconds, and we speculate this is a race around relogin. It's not straightforward to write a testcase for the security APIs, unfortunately. I'd propose we open a jira for the relogin issue (over in hadoop, iirc, we've fixed some issues to do with relogin races in the recent past; we should put the fixes here)... On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1328 > < https://reviews.apache.org/r/4953/diff/4/?file=107884#file107884line1328 > > > Debug logging should be wrapped in a conditional, no biggie. Done. On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1937 > < https://reviews.apache.org/r/4953/diff/4/?file=107884#file107884line1937 > > > This is probably just going to add noise. Removed. On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java , line 35 > < https://reviews.apache.org/r/4953/diff/4/?file=107889#file107889line35 > > > Maybe should be "security.hbase.*", what do you think? This is how it is in the current trunk. But yeah, makes sense to have the key as "security.hbase.*". On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java , line 94 > < https://reviews.apache.org/r/4953/diff/4/?file=107890#file107890line94 > > > It might be better to say 'Kerberos principal does not have the expected format' Done. On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java , line 53 > < https://reviews.apache.org/r/4953/diff/4/?file=107892#file107892line53 > > > Should this be Public+Evolving? Done. Although I was wondering whether it makes sense to have it as Private+Evolving. But if it is currently used by apps outside the core of hbase, it makes sense to have it as Public+Evolving.. On 2012-05-09 18:02:12, Andrew Purtell wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml , line 126 > < https://reviews.apache.org/r/4953/diff/4/?file=107918#file107918line126 > > > Why this change? Unrelated junk from other work? In the hbase-site.xml of security/src/test/resources, this block of configuration was there. Now that there is a single profile, I thought I should not lose this and added this in the src/test/resources/hbase-site.xml.. Devaraj ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7738 ----------------------------------------------------------- On 2012-05-09 23:03:45, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-09 23:03:45) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/conf/hbase-policy.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7738
          -----------------------------------------------------------

          Mostly +1. A couple of minor comments, one question on API annotation.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
          <https://reviews.apache.org/r/4953/#comment17034>

          Do we have a testcase for relogin?

          In our production with the older implementation of secure HBase RPC, we see swarms of GSS initiaition failure due to missing TGT for 5-10 seconds, and we speculate this is a race around relogin.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment17035>

          Debug logging should be wrapped in a conditional, no biggie.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment17033>

          This is probably just going to add noise.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java
          <https://reviews.apache.org/r/4953/#comment17036>

          Maybe should be "security.hbase.*", what do you think?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
          <https://reviews.apache.org/r/4953/#comment17037>

          It might be better to say 'Kerberos principal does not have the expected format'

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java
          <https://reviews.apache.org/r/4953/#comment17038>

          Should this be Public+Evolving?

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml
          <https://reviews.apache.org/r/4953/#comment17040>

          Why this change? Unrelated junk from other work?

          • Andrew

          On 2012-05-08 21:48:09, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 21:48:09)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7738 ----------------------------------------------------------- Mostly +1. A couple of minor comments, one question on API annotation. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java < https://reviews.apache.org/r/4953/#comment17034 > Do we have a testcase for relogin? In our production with the older implementation of secure HBase RPC, we see swarms of GSS initiaition failure due to missing TGT for 5-10 seconds, and we speculate this is a race around relogin. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment17035 > Debug logging should be wrapped in a conditional, no biggie. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment17033 > This is probably just going to add noise. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java < https://reviews.apache.org/r/4953/#comment17036 > Maybe should be "security.hbase.*", what do you think? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java < https://reviews.apache.org/r/4953/#comment17037 > It might be better to say 'Kerberos principal does not have the expected format' http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java < https://reviews.apache.org/r/4953/#comment17038 > Should this be Public+Evolving? http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml < https://reviews.apache.org/r/4953/#comment17040 > Why this change? Unrelated junk from other work? Andrew On 2012-05-08 21:48:09, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 21:48:09) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Ted Yu added a comment -

          I looped TestMXBean 4 times with patch v9 and they (master and regionserver) passed.

          Show
          Ted Yu added a comment - I looped TestMXBean 4 times with patch v9 and they (master and regionserver) passed.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12526048/rpcengine-merge.9.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 37 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 26 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests:
          org.apache.hadoop.hbase.master.TestMXBean

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526048/rpcengine-merge.9.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 26 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.master.TestMXBean Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//console This message is automatically generated.
          Hide
          Devaraj Das added a comment -

          This is the last patch I put up on reviewboard.

          Show
          Devaraj Das added a comment - This is the last patch I put up on reviewboard.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/
          -----------------------------------------------------------

          (Updated 2012-05-08 21:48:09.490984)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Changes
          -------

          Sigh.. had forgotten to remove the white spaces.. This patch addresses that. Please note that I haven't removed white spaces from the files that got moved around. I only covered the stuff I added in the current files.

          Summary
          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.
          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs (updated)


          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370

          Diff: https://reviews.apache.org/r/4953/diff

          Testing
          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 21:48:09.490984) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes ------- Sigh.. had forgotten to remove the white spaces.. This patch addresses that. Please note that I haven't removed white spaces from the files that got moved around. I only covered the stuff I added in the current files. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/
          -----------------------------------------------------------

          (Updated 2012-05-08 21:33:06.528218)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Changes
          -------

          This is the updated patch with the last few comments incorporated.

          Summary
          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.
          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs (updated)


          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370

          Diff: https://reviews.apache.org/r/4953/diff

          Testing
          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 21:33:06.528218) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes ------- This is the updated patch with the last few comments incorporated. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335370 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50

          > <https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50>

          >

          > So, if no user, its insecure hbase? Good.

          >

          > I don't see you regenerating pb stuff after making these changes in this proto file.

          Michael Stack wrote:

          What about above?

          Devaraj Das wrote:

          On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there.

          There is actually - RPCProtos.java

          Michael Stack wrote:

          I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something?

          Devaraj Das wrote:

          The RPCProtos.java is the regenerated class.. The proto definition is in RPC.proto.. Both the files are there in the patch.

          I see. My oversight. Thanks.

          So, you are going to make a new version of this patch to commit? Good on you DD.

          • Michael

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7488
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto , line 50 > < https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 > > > So, if no user, its insecure hbase? Good. > > I don't see you regenerating pb stuff after making these changes in this proto file. Michael Stack wrote: What about above? Devaraj Das wrote: On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. There is actually - RPCProtos.java Michael Stack wrote: I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something? Devaraj Das wrote: The RPCProtos.java is the regenerated class.. The proto definition is in RPC.proto.. Both the files are there in the patch. I see. My oversight. Thanks. So, you are going to make a new version of this patch to commit? Good on you DD. Michael ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50

          > <https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50>

          >

          > So, if no user, its insecure hbase? Good.

          >

          > I don't see you regenerating pb stuff after making these changes in this proto file.

          Michael Stack wrote:

          What about above?

          Devaraj Das wrote:

          On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there.

          There is actually - RPCProtos.java

          Michael Stack wrote:

          I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something?

          The RPCProtos.java is the regenerated class.. The proto definition is in RPC.proto.. Both the files are there in the patch.

          • Devaraj

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7488
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto , line 50 > < https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 > > > So, if no user, its insecure hbase? Good. > > I don't see you regenerating pb stuff after making these changes in this proto file. Michael Stack wrote: What about above? Devaraj Das wrote: On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. There is actually - RPCProtos.java Michael Stack wrote: I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something? The RPCProtos.java is the regenerated class.. The proto definition is in RPC.proto.. Both the files are there in the patch. Devaraj ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 19

          > <https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19>

          >

          > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase?

          Michael Stack wrote:

          Ditto

          Devaraj Das wrote:

          I'd like to leave it as is since the class aims to shim the security related aspects of 'User' (Other than that it would save lots of lines in the patch if the package name is kept intact).

          np

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50

          > <https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50>

          >

          > So, if no user, its insecure hbase? Good.

          >

          > I don't see you regenerating pb stuff after making these changes in this proto file.

          Michael Stack wrote:

          What about above?

          Devaraj Das wrote:

          On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there.

          There is actually - RPCProtos.java

          I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something?

          • Michael

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7488
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java , line 19 > < https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19 > > > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? Michael Stack wrote: Ditto Devaraj Das wrote: I'd like to leave it as is since the class aims to shim the security related aspects of 'User' (Other than that it would save lots of lines in the patch if the package name is kept intact). np On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto , line 50 > < https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 > > > So, if no user, its insecure hbase? Good. > > I don't see you regenerating pb stuff after making these changes in this proto file. Michael Stack wrote: What about above? Devaraj Das wrote: On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. There is actually - RPCProtos.java I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something? Michael ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-02 23:02:22, Michael Stack wrote:

          >

          I am not sure what step I missed the last time (when I answered your questions) that reviewboard didn't publish the responses.. Trying again.

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java, line 1

          > <https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1>

          >

          > This exception should be at top level in hbase?

          Michael Stack wrote:

          Did you address this in your subsequent patch?

          I left it where it was originally. I think its fine as is..

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50

          > <https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50>

          >

          > So, if no user, its insecure hbase? Good.

          >

          > I don't see you regenerating pb stuff after making these changes in this proto file.

          Michael Stack wrote:

          What about above?

          On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there.

          There is actually - RPCProtos.java

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml, line 129

          > <https://reviews.apache.org/r/4953/diff/1/?file=105872#file105872line129>

          >

          > What is this? Mistake?

          I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources one since the security one would go away (yeah you won't know about it unless you do a manual diff of the two hbase-site.xml files).

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 19

          > <https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19>

          >

          > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase?

          Michael Stack wrote:

          Ditto

          I'd like to leave it as is since the class aims to shim the security related aspects of 'User' (Other than that it would save lots of lines in the patch if the package name is kept intact).

          • Devaraj

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7488
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-02 23:02:22, Michael Stack wrote: > I am not sure what step I missed the last time (when I answered your questions) that reviewboard didn't publish the responses.. Trying again. On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java , line 1 > < https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1 > > > This exception should be at top level in hbase? Michael Stack wrote: Did you address this in your subsequent patch? I left it where it was originally. I think its fine as is.. On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto , line 50 > < https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 > > > So, if no user, its insecure hbase? Good. > > I don't see you regenerating pb stuff after making these changes in this proto file. Michael Stack wrote: What about above? On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. There is actually - RPCProtos.java On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml , line 129 > < https://reviews.apache.org/r/4953/diff/1/?file=105872#file105872line129 > > > What is this? Mistake? I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources one since the security one would go away (yeah you won't know about it unless you do a manual diff of the two hbase-site.xml files). On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java , line 19 > < https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19 > > > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? Michael Stack wrote: Ditto I'd like to leave it as is since the class aims to shim the security related aspects of 'User' (Other than that it would save lots of lines in the patch if the package name is kept intact). Devaraj ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1149

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1149>

          >

          > Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse?

          >

          > rb shows added white space.

          Devaraj Das wrote:

          Will remove the white-spaces that are introduced by this patch.

          I am not sure I follow your question on the NPE.. But I'll do some cleanup on this anyway...

          Above you assign saslResponse a null buffer. Later there is a method to set the sasl response buffer. I was suggesting you not assign a null buffer so we fail fast w/ a NPE in those places where we forget to do a set of the sasl response.

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 259

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line259>

          >

          > Woah. Where'd this come from? What was this doing in here?

          Devaraj Das wrote:

          This was an unused field.. So I removed it..

          Good. Thanks.

          • Michael

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7684
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1149 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1149 > > > Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse? > > rb shows added white space. Devaraj Das wrote: Will remove the white-spaces that are introduced by this patch. I am not sure I follow your question on the NPE.. But I'll do some cleanup on this anyway... Above you assign saslResponse a null buffer. Later there is a method to set the sasl response buffer. I was suggesting you not assign a null buffer so we fail fast w/ a NPE in those places where we forget to do a set of the sasl response. On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java , line 259 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line259 > > > Woah. Where'd this come from? What was this doing in here? Devaraj Das wrote: This was an unused field.. So I removed it.. Good. Thanks. Michael ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7684 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java, line 1

          > <https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1>

          >

          > This exception should be at top level in hbase?

          Did you address this in your subsequent patch?

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 19

          > <https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19>

          >

          > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase?

          Ditto

          On 2012-05-02 23:02:22, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50

          > <https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50>

          >

          > So, if no user, its insecure hbase? Good.

          >

          > I don't see you regenerating pb stuff after making these changes in this proto file.

          What about above?

          • Michael

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7488
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java , line 1 > < https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1 > > > This exception should be at top level in hbase? Did you address this in your subsequent patch? On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java , line 19 > < https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19 > > > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? Ditto On 2012-05-02 23:02:22, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto , line 50 > < https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 > > > So, if no user, its insecure hbase? Good. > > I don't see you regenerating pb stuff after making these changes in this proto file. What about above? Michael ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > It looks like testing turned up some interesting issues going by the diff between this version and the previous. It works now?

          >

          > Good on you DD.

          Yes, my testing (1 master, 1 regionserver, 1 client all authenticating on Kerberos with each other) didn't show up any issues. I exercised some of the shell commands from the client (create, list, put, get).

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/pom.xml, line 560

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105835#file105835line560>

          >

          > Is this you or just difference between your patch and trunk? i.e. did you pull this in?

          Not sure. Went and looked at the last patch and it seemed to contain exactly what i intend to have in.

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1253

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1253>

          >

          > Is this a bug fix?

          Yes .. in testing I realized that the whole block of code need to be conditional.. (and this is the case currently in SecureServer.java from where this is taken)

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1341

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1341>

          >

          > When do we do this? When would we forego pb encoding? When its done already?

          >

          > Is this fix something that came of your manual testing? If so, I heart testing!

          The sasl handshake is not part of the PB messaging. Yes, I discovered that I forgot to take care of this until I tested with security

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1376

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1376>

          >

          > Is this going to be annoying? Happens on each rpc?

          Will revert (was for my debugging)

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1396

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1396>

          >

          > ditto?

          Will revert (was for my debugging)

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 259

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line259>

          >

          > Woah. Where'd this come from? What was this doing in here?

          This was an unused field.. So I removed it..

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 298

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line298>

          >

          > Ditto on the What!? What was this doing in here (smile).

          Will revert the What!? (was for my debugging)

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java, line 25

          > <https://reviews.apache.org/r/4953/diff/2/?file=107703#file107703line25>

          >

          > Ours is different from hadoops?

          I don't know what the problem was .. maybe some obscure classpath issue .. but changing it to use hbase's class solved the problem.

          On 2012-05-08 15:51:46, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1149

          > <https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1149>

          >

          > Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse?

          >

          > rb shows added white space.

          Will remove the white-spaces that are introduced by this patch.

          I am not sure I follow your question on the NPE.. But I'll do some cleanup on this anyway...

          • Devaraj

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7684
          -----------------------------------------------------------

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-08 15:51:46, Michael Stack wrote: > It looks like testing turned up some interesting issues going by the diff between this version and the previous. It works now? > > Good on you DD. Yes, my testing (1 master, 1 regionserver, 1 client all authenticating on Kerberos with each other) didn't show up any issues. I exercised some of the shell commands from the client (create, list, put, get). On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/pom.xml , line 560 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105835#file105835line560 > > > Is this you or just difference between your patch and trunk? i.e. did you pull this in? Not sure. Went and looked at the last patch and it seemed to contain exactly what i intend to have in. On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1253 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1253 > > > Is this a bug fix? Yes .. in testing I realized that the whole block of code need to be conditional.. (and this is the case currently in SecureServer.java from where this is taken) On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1341 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1341 > > > When do we do this? When would we forego pb encoding? When its done already? > > Is this fix something that came of your manual testing? If so, I heart testing! The sasl handshake is not part of the PB messaging. Yes, I discovered that I forgot to take care of this until I tested with security On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1376 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1376 > > > Is this going to be annoying? Happens on each rpc? Will revert (was for my debugging) On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1396 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1396 > > > ditto? Will revert (was for my debugging) On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java , line 259 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line259 > > > Woah. Where'd this come from? What was this doing in here? This was an unused field.. So I removed it.. On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java , line 298 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line298 > > > Ditto on the What!? What was this doing in here (smile). Will revert the What!? (was for my debugging) On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java , line 25 > < https://reviews.apache.org/r/4953/diff/2/?file=107703#file107703line25 > > > Ours is different from hadoops? I don't know what the problem was .. maybe some obscure classpath issue .. but changing it to use hbase's class solved the problem. On 2012-05-08 15:51:46, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1149 > < https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1149 > > > Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse? > > rb shows added white space. Will remove the white-spaces that are introduced by this patch. I am not sure I follow your question on the NPE.. But I'll do some cleanup on this anyway... Devaraj ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7684 ----------------------------------------------------------- On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12526003/5732-rpcengine-merge.7.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 29 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526003/5732-rpcengine-merge.7.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 29 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//console This message is automatically generated.
          Hide
          Ted Yu added a comment -

          Patch v7 from Devaraj Das.

          Show
          Ted Yu added a comment - Patch v7 from Devaraj Das.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7684
          -----------------------------------------------------------

          It looks like testing turned up some interesting issues going by the diff between this version and the previous. It works now?

          Good on you DD.

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml
          <https://reviews.apache.org/r/4953/#comment16912>

          Is this you or just difference between your patch and trunk? i.e. did you pull this in?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16914>

          Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse?

          rb shows added white space.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16915>

          Is this a bug fix?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16916>

          When do we do this? When would we forego pb encoding? When its done already?

          Is this fix something that came of your manual testing? If so, I heart testing!

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16917>

          Is this going to be annoying? Happens on each rpc?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16918>

          ditto?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16919>

          Good. Nice.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16920>

          Also good. Nice.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16921>

          Woah. Where'd this come from? What was this doing in here?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16922>

          Ditto on the What!? What was this doing in here (smile).

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java
          <https://reviews.apache.org/r/4953/#comment16913>

          Ours is different from hadoops?

          • Michael

          On 2012-05-08 07:45:11, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7684 ----------------------------------------------------------- It looks like testing turned up some interesting issues going by the diff between this version and the previous. It works now? Good on you DD. http://svn.apache.org/repos/asf/hbase/trunk/pom.xml < https://reviews.apache.org/r/4953/#comment16912 > Is this you or just difference between your patch and trunk? i.e. did you pull this in? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16914 > Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse? rb shows added white space. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16915 > Is this a bug fix? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16916 > When do we do this? When would we forego pb encoding? When its done already? Is this fix something that came of your manual testing? If so, I heart testing! http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16917 > Is this going to be annoying? Happens on each rpc? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16918 > ditto? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16919 > Good. Nice. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16920 > Also good. Nice. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16921 > Woah. Where'd this come from? What was this doing in here? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16922 > Ditto on the What!? What was this doing in here (smile). http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java < https://reviews.apache.org/r/4953/#comment16913 > Ours is different from hadoops? Michael On 2012-05-08 07:45:11, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Devaraj Das added a comment -

          I think the patch is close now. I haven't tested the delegation token code path manually. If there is some sample (&simple) job code that one can make available, that I can use to manually test the delegation-token part it would be great.. But yeah since this patch is big, I don't expect to see no bugs but I think those can be fixed as follow ups (with more thorough testing, etc.). This patch goes out of sync very quickly. So I'd really appreciate if it can be committed soon if the general approach and all that looks good.

          I also had to change the import of KerberosInfo class in a couple of places (in the new PB interface definitions) to point to HBase's definition of the class (as opposed to Hadoop's which it was originally). Manual testing pointed me to this issue.

          Show
          Devaraj Das added a comment - I think the patch is close now. I haven't tested the delegation token code path manually. If there is some sample (&simple) job code that one can make available, that I can use to manually test the delegation-token part it would be great.. But yeah since this patch is big, I don't expect to see no bugs but I think those can be fixed as follow ups (with more thorough testing, etc.). This patch goes out of sync very quickly. So I'd really appreciate if it can be committed soon if the general approach and all that looks good. I also had to change the import of KerberosInfo class in a couple of places (in the new PB interface definitions) to point to HBase's definition of the class (as opposed to Hadoop's which it was originally). Manual testing pointed me to this issue.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/
          -----------------------------------------------------------

          (Updated 2012-05-08 07:45:11.526354)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Changes
          -------

          Updated patch. Tested manually with Kerberos.

          Summary
          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.
          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs (updated)


          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359

          Diff: https://reviews.apache.org/r/4953/diff

          Testing
          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-08 07:45:11.526354) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes ------- Updated patch. Tested manually with Kerberos. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1335359 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > Here's a quick review of this fat patch. Good stuff.

          Yeah the patch is fat but most of it is refactoring and moving classes around.

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 67

          > <https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line67>

          >

          > Should this security stuff be moved down here into ipc package? Is it only place where security is referenced?

          This is not the only class.. there are a bunch of classes present there..

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/pom.xml, line 1677

          > <https://reviews.apache.org/r/4953/diff/1/?file=105835#file105835line1677>

          >

          > Now the underlying hadoop must support all the security apis?

          >

          > If not present, will we compile?

          Yes, this will necessitate hadoop-1.0++..

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 81

          > <https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line81>

          >

          > So, if underlying hadoop does not have these classes, we'll fail the build?

          yes

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 283

          > <https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line283>

          >

          > Should this be a fail?

          This was what was there in the original code (SecureClient.java). I left it as it was..

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1495

          > <https://reviews.apache.org/r/4953/diff/1/?file=105838#file105838line1495>

          >

          > Can you not give byte array to pb to parse? Use builder and mergeFrom? Not important.

          Yeah this is not making any additional copy.

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 67

          > <https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line67>

          >

          > Has to be public?

          No.. I reverted this change.

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 252

          > <https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line252>

          >

          > This is a pity removing the static?

          Reverted.

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 343

          > <https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line343>

          >

          > Where do these get shut down?

          These are daemon threads (most of them are the RPC threads that we currently have). They will get shut down with the process.

          On 2012-05-01 23:02:34, Michael Stack wrote:

          > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java, line 138

          > <https://reviews.apache.org/r/4953/diff/1/?file=105854#file105854line138>

          >

          > This stuff is copied over from the /security dir in hbase? Are there corresponding deletes? What about some tests?

          The patch has the deleted files marked as such. An example is:
          Index: security/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java (deleted)

          I haven't added any tests as part of this patch since this is mostly refactoring. Existing tests cover the scenarios. Also, I am manually testing the Kerberos parts.

          • Devaraj

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7455
          -----------------------------------------------------------

          On 2012-05-01 20:27:30, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-01 20:27:30)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-05-01 23:02:34, Michael Stack wrote: > Here's a quick review of this fat patch. Good stuff. Yeah the patch is fat but most of it is refactoring and moving classes around. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java , line 67 > < https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line67 > > > Should this security stuff be moved down here into ipc package? Is it only place where security is referenced? This is not the only class.. there are a bunch of classes present there.. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/pom.xml , line 1677 > < https://reviews.apache.org/r/4953/diff/1/?file=105835#file105835line1677 > > > Now the underlying hadoop must support all the security apis? > > If not present, will we compile? Yes, this will necessitate hadoop-1.0++.. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java , line 81 > < https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line81 > > > So, if underlying hadoop does not have these classes, we'll fail the build? yes On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java , line 283 > < https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line283 > > > Should this be a fail? This was what was there in the original code (SecureClient.java). I left it as it was.. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java , line 1495 > < https://reviews.apache.org/r/4953/diff/1/?file=105838#file105838line1495 > > > Can you not give byte array to pb to parse? Use builder and mergeFrom? Not important. Yeah this is not making any additional copy. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java , line 67 > < https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line67 > > > Has to be public? No.. I reverted this change. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java , line 252 > < https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line252 > > > This is a pity removing the static? Reverted. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java , line 343 > < https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line343 > > > Where do these get shut down? These are daemon threads (most of them are the RPC threads that we currently have). They will get shut down with the process. On 2012-05-01 23:02:34, Michael Stack wrote: > http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java , line 138 > < https://reviews.apache.org/r/4953/diff/1/?file=105854#file105854line138 > > > This stuff is copied over from the /security dir in hbase? Are there corresponding deletes? What about some tests? The patch has the deleted files marked as such. An example is: Index: security/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java (deleted) I haven't added any tests as part of this patch since this is mostly refactoring. Existing tests cover the scenarios. Also, I am manually testing the Kerberos parts. Devaraj ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7455 ----------------------------------------------------------- On 2012-05-01 20:27:30, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-01 20:27:30) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Devaraj Das added a comment -

          Yeah I should have commented back on RB.. Sorry about that.
          I'll upload a patch once I am done with the manual testing with kerberos (very soon).

          Show
          Devaraj Das added a comment - Yeah I should have commented back on RB.. Sorry about that. I'll upload a patch once I am done with the manual testing with kerberos (very soon).
          Hide
          stack added a comment -

          DD, you can comment over in rb too – that'd be better actually since our comments will then be interlaced (they'll show up in here then after you 'publish' them on rb).

          All above sounds good. You going to do another version of this patch to address other review items?

          I am in the process of setting up a secure cluster etc. for some manual testing.. Fingers crossed.

          X

          Show
          stack added a comment - DD, you can comment over in rb too – that'd be better actually since our comments will then be interlaced (they'll show up in here then after you 'publish' them on rb). All above sounds good. You going to do another version of this patch to address other review items? I am in the process of setting up a secure cluster etc. for some manual testing.. Fingers crossed. X
          Hide
          Devaraj Das added a comment -

          There is no corresponding remove of the /security directory. Should it be included here?

          Yeah, it shouldn't be there. However, I generated the patch with --no-diff-deleted and hence these files still show up but if you download the patch you will see a bunch of lines that say "Index: security/... (deleted)". The person who commits needs to be aware of this I guess and run the appropriate svn commands.

          I don't see you regenerating pb stuff after making these changes in this proto file

          There is actually - RPCProtos.java.

          What is this? Mistake?

          (comment to do with the conf file change). I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources one since the security one would go away (yeah you won't know about it unless you do a manual diff of the two hbase-site.xml files).

          I am in the process of setting up a secure cluster etc. for some manual testing.. Fingers crossed.

          Show
          Devaraj Das added a comment - There is no corresponding remove of the /security directory. Should it be included here? Yeah, it shouldn't be there. However, I generated the patch with --no-diff-deleted and hence these files still show up but if you download the patch you will see a bunch of lines that say "Index: security/... (deleted)". The person who commits needs to be aware of this I guess and run the appropriate svn commands. I don't see you regenerating pb stuff after making these changes in this proto file There is actually - RPCProtos.java. What is this? Mistake? (comment to do with the conf file change). I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources one since the security one would go away (yeah you won't know about it unless you do a manual diff of the two hbase-site.xml files). I am in the process of setting up a secure cluster etc. for some manual testing.. Fingers crossed.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7488
          -----------------------------------------------------------

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java
          <https://reviews.apache.org/r/4953/#comment16579>

          This exception should be at top level in hbase?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java
          <https://reviews.apache.org/r/4953/#comment16578>

          This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto
          <https://reviews.apache.org/r/4953/#comment16580>

          I missed this page of edits.

          There is no corresponding remove of the /security directory. Should it be included here?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto
          <https://reviews.apache.org/r/4953/#comment16581>

          So, if no user, its insecure hbase? Good.

          I don't see you regenerating pb stuff after making these changes in this proto file.

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml
          <https://reviews.apache.org/r/4953/#comment16582>

          What is this? Mistake?

          • Michael

          On 2012-05-01 20:27:30, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-01 20:27:30)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 ----------------------------------------------------------- http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java < https://reviews.apache.org/r/4953/#comment16579 > This exception should be at top level in hbase? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java < https://reviews.apache.org/r/4953/#comment16578 > This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto < https://reviews.apache.org/r/4953/#comment16580 > I missed this page of edits. There is no corresponding remove of the /security directory. Should it be included here? http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto < https://reviews.apache.org/r/4953/#comment16581 > So, if no user, its insecure hbase? Good. I don't see you regenerating pb stuff after making these changes in this proto file. http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml < https://reviews.apache.org/r/4953/#comment16582 > What is this? Mistake? Michael On 2012-05-01 20:27:30, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-01 20:27:30) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12525191/rpcengine-merge.4.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 37 new or modified tests.

          +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 38 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests:
          org.apache.hadoop.hbase.replication.TestReplication

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12525191/rpcengine-merge.4.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 38 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.replication.TestReplication Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//console This message is automatically generated.
          Hide
          Devaraj Das added a comment -

          No this patch doesn't change anything to do with ZK dependencies..

          Show
          Devaraj Das added a comment - No this patch doesn't change anything to do with ZK dependencies..
          Hide
          stack added a comment -

          @Deveraj We ship with 3.4.x but do not require that you run a 3.4.x ensemble. Its only required if you enable security. We would like to keep it so that if you are not running secure hbase, then you do not need a 3.4 ensemble. Does your patch change this story?

          Show
          stack added a comment - @Deveraj We ship with 3.4.x but do not require that you run a 3.4.x ensemble. Its only required if you enable security. We would like to keep it so that if you are not running secure hbase, then you do not need a 3.4 ensemble. Does your patch change this story?
          Hide
          Devaraj Das added a comment -

          Latest patch runs security unit tests in default profile. This requires zookeeper 3.4.x

          @Ted, the file pom.xml already has a dependency on zookeeper-3.4.3...

          Now the underlying hadoop must support all the security apis? If not present, will we compile?

          @Stack, yes, this will necessitate hadoop-1.0++..

          Show
          Devaraj Das added a comment - Latest patch runs security unit tests in default profile. This requires zookeeper 3.4.x @Ted, the file pom.xml already has a dependency on zookeeper-3.4.3... Now the underlying hadoop must support all the security apis? If not present, will we compile? @Stack, yes, this will necessitate hadoop-1.0++..
          Hide
          Ted Yu added a comment -

          Latest patch runs security unit tests in default profile.
          This requires zookeeper 3.4.x

          Is that Okay for 0.96 ?

          Show
          Ted Yu added a comment - Latest patch runs security unit tests in default profile. This requires zookeeper 3.4.x Is that Okay for 0.96 ?
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/#review7455
          -----------------------------------------------------------

          Here's a quick review of this fat patch. Good stuff.

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml
          <https://reviews.apache.org/r/4953/#comment16446>

          Now the underlying hadoop must support all the security apis?

          If not present, will we compile?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
          <https://reviews.apache.org/r/4953/#comment16448>

          Should this security stuff be moved down here into ipc package? Is it only place where security is referenced?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
          <https://reviews.apache.org/r/4953/#comment16452>

          So, if underlying hadoop does not have these classes, we'll fail the build?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
          <https://reviews.apache.org/r/4953/#comment16453>

          Should this be a fail?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16457>

          ditto comment from above

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
          <https://reviews.apache.org/r/4953/#comment16458>

          Can you not give byte array to pb to parse? Use builder and mergeFrom? Not important.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16459>

          Has to be public?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16460>

          This is a pity removing the static?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16461>

          Removing this static is good though.

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java
          <https://reviews.apache.org/r/4953/#comment16462>

          Where do these get shut down?

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
          <https://reviews.apache.org/r/4953/#comment16463>

          This stuff is copied over from the /security dir in hbase? Are there corresponding deletes? What about some tests?

          • Michael

          On 2012-05-01 20:27:30, Devaraj Das wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/4953/

          -----------------------------------------------------------

          (Updated 2012-05-01 20:27:30)

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary

          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.

          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs

          -----

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION

          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383

          Diff: https://reviews.apache.org/r/4953/diff

          Testing

          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7455 ----------------------------------------------------------- Here's a quick review of this fat patch. Good stuff. http://svn.apache.org/repos/asf/hbase/trunk/pom.xml < https://reviews.apache.org/r/4953/#comment16446 > Now the underlying hadoop must support all the security apis? If not present, will we compile? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java < https://reviews.apache.org/r/4953/#comment16448 > Should this security stuff be moved down here into ipc package? Is it only place where security is referenced? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java < https://reviews.apache.org/r/4953/#comment16452 > So, if underlying hadoop does not have these classes, we'll fail the build? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java < https://reviews.apache.org/r/4953/#comment16453 > Should this be a fail? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16457 > ditto comment from above http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java < https://reviews.apache.org/r/4953/#comment16458 > Can you not give byte array to pb to parse? Use builder and mergeFrom? Not important. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16459 > Has to be public? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16460 > This is a pity removing the static? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16461 > Removing this static is good though. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java < https://reviews.apache.org/r/4953/#comment16462 > Where do these get shut down? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java < https://reviews.apache.org/r/4953/#comment16463 > This stuff is copied over from the /security dir in hbase? Are there corresponding deletes? What about some tests? Michael On 2012-05-01 20:27:30, Devaraj Das wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- (Updated 2012-05-01 20:27:30) Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs ----- http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/4953/
          -----------------------------------------------------------

          Review request for Ted Yu, Michael Stack and Andrew Purtell.

          Summary
          -------

          Reviewboard request for HBASE-5732

          This addresses bug HBASE-5732.
          https://issues.apache.org/jira/browse/HBASE-5732

          Diffs


          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION
          http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383

          Diff: https://reviews.apache.org/r/4953/diff

          Testing
          -------

          All unit tests pass.

          Thanks,

          Devaraj

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ ----------------------------------------------------------- Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary ------- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732 . https://issues.apache.org/jira/browse/HBASE-5732 Diffs http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml 1332383 Diff: https://reviews.apache.org/r/4953/diff Testing ------- All unit tests pass. Thanks, Devaraj
          Hide
          Devaraj Das added a comment -

          Attaching an updated patch with the check for whether security is enabled before starting the secretmanager (in WritableRpcEngine.Server implementation).

          All the unit tests (except TestShell which fails without the patch too) pass with this patch. I'll test it manually with security/kerberos ON. In the meantime, it'd be nice to get feedback on the patch (and yes, I am yet to address the white-space comments). Thanks!

          Show
          Devaraj Das added a comment - Attaching an updated patch with the check for whether security is enabled before starting the secretmanager (in WritableRpcEngine.Server implementation). All the unit tests (except TestShell which fails without the patch too) pass with this patch. I'll test it manually with security/kerberos ON. In the meantime, it'd be nice to get feedback on the patch (and yes, I am yet to address the white-space comments). Thanks!
          Hide
          Devaraj Das added a comment -

          In the last patch, I missed adding the AuthenticationTokenSecretManager instantiation in the default RPC engine (and a security unit test failed). I've taken that into consideration now..

          Andrew, how about instantiating the AuthenticationTokenSecretManager (that has dependency on ZK) only if isSecurityEnabled() returns true.. The problem with this is that the unit tests also won't instantiate the manager.. for unit tests, maybe we can have a minimal RpcEngine implementation that returns a Server object that internally instantiates the AuthenticationTokenSecretManager unconditionally.. Would that work?

          Show
          Devaraj Das added a comment - In the last patch, I missed adding the AuthenticationTokenSecretManager instantiation in the default RPC engine (and a security unit test failed). I've taken that into consideration now.. Andrew, how about instantiating the AuthenticationTokenSecretManager (that has dependency on ZK) only if isSecurityEnabled() returns true.. The problem with this is that the unit tests also won't instantiate the manager.. for unit tests, maybe we can have a minimal RpcEngine implementation that returns a Server object that internally instantiates the AuthenticationTokenSecretManager unconditionally.. Would that work?
          Hide
          Ted Yu added a comment -

          Since AccessController and TokenProvider coprocessors remain after this merge, my point was that we need to keep security profile for running the unit tests related to these coprocessors.

          Show
          Ted Yu added a comment - Since AccessController and TokenProvider coprocessors remain after this merge, my point was that we need to keep security profile for running the unit tests related to these coprocessors.
          Hide
          Andrew Purtell added a comment -

          Only the secure RPC basics have been merged. Please reread my above comments about TokenProvider and AccessController.

          Show
          Andrew Purtell added a comment - Only the secure RPC basics have been merged. Please reread my above comments about TokenProvider and AccessController.
          Hide
          Ted Yu added a comment -

          Now that security profile is gone in patch v2, the build would be intrinsically secure HBase ?

          Show
          Ted Yu added a comment - Now that security profile is gone in patch v2, the build would be intrinsically secure HBase ?
          Hide
          Andrew Purtell added a comment -

          TokenProvider is an interesting issue. On the one hand it pulls in new runtime dependencies on ZooKeeper (it will abort the RS if shared private keys for creating MR job tokens cannot be synced or rolled); on the other, authentication for HBase clients in MR jobs when HBase RPC security is enabled must happen via a token based mechanism such as TokenProvider provides.

          In production we've found that sharing state in ZK as TokenProvider does introduces new cases of RS aborts when the network has issues. Whether the RS would have gone down anyway is a good possibility.

          We could leave it aside as a CP that people must use if they want to run MR jobs with secure RPC, or consider folding it in as well as a follow on JIRA, along with possible design changes. However I think the design is pretty good, and it's proven in production, and ZK disconnects are an issue elsewhere as well. But increasing the cases where ZK disconnects can be a problem should be considered.

          Show
          Andrew Purtell added a comment - TokenProvider is an interesting issue. On the one hand it pulls in new runtime dependencies on ZooKeeper (it will abort the RS if shared private keys for creating MR job tokens cannot be synced or rolled); on the other, authentication for HBase clients in MR jobs when HBase RPC security is enabled must happen via a token based mechanism such as TokenProvider provides. In production we've found that sharing state in ZK as TokenProvider does introduces new cases of RS aborts when the network has issues. Whether the RS would have gone down anyway is a good possibility. We could leave it aside as a CP that people must use if they want to run MR jobs with secure RPC, or consider folding it in as well as a follow on JIRA, along with possible design changes. However I think the design is pretty good, and it's proven in production, and ZK disconnects are an issue elsewhere as well. But increasing the cases where ZK disconnects can be a problem should be considered.
          Hide
          Devaraj Das added a comment -

          Sorry my copy-paste buffer was stale (it could have been worse!). I meant to say "Yes, the last patch has only these" to Andrew's last comment "The only thing in security/ after the RPC engine merge should be the AccessController and TokenProvider coprocessors."

          Show
          Devaraj Das added a comment - Sorry my copy-paste buffer was stale (it could have been worse!). I meant to say "Yes, the last patch has only these" to Andrew's last comment "The only thing in security/ after the RPC engine merge should be the AccessController and TokenProvider coprocessors."
          Hide
          Devaraj Das added a comment -

          HBase Cyclic Replication Issue: some data are missing in the replication for intensive write

          Yes, the last patch has only these.

          What kind of hadoop will be required? One that supports security: i.e. apache hadoop 1.0.x, 2.0.x?

          Yes. For others like 3.0.x, if the API compatibility is not broken (shim'ed in User.java), things will continue to work. In case the API changes, User.java needs to take those into consideration in the shim.

          Show
          Devaraj Das added a comment - HBase Cyclic Replication Issue: some data are missing in the replication for intensive write Yes, the last patch has only these. What kind of hadoop will be required? One that supports security: i.e. apache hadoop 1.0.x, 2.0.x? Yes. For others like 3.0.x, if the API compatibility is not broken (shim'ed in User.java), things will continue to work. In case the API changes, User.java needs to take those into consideration in the shim.
          Hide
          Andrew Purtell added a comment -

          The only thing in security/ after the RPC engine merge should be the AccessController and TokenProvider coprocessors. TokenProvider will be needed for authenticating MR jobs when secure HBase RPC is enabled. AccessController is optional and provides per CF ACLs.

          Unfortunately one must .wrap(), the SASL layer requires it. In the event the user negotiates auth-conf and probably also auth-int then failure to wrap the payload will send junk.

          Show
          Andrew Purtell added a comment - The only thing in security/ after the RPC engine merge should be the AccessController and TokenProvider coprocessors. TokenProvider will be needed for authenticating MR jobs when secure HBase RPC is enabled. AccessController is optional and provides per CF ACLs. Unfortunately one must .wrap(), the SASL layer requires it. In the event the user negotiates auth-conf and probably also auth-int then failure to wrap the payload will send junk.
          Hide
          Devaraj Das added a comment -

          Attached is the patch with the review comments addressed (except the ones to do with introduction of new 'white-spaces'). This is still under test but I thought I'll update the jira with what I have currently..

          Stack, i have retained User.java class upon feedback from Andrew though that supports only the 1.0++ Hadoop's UserGroupInformation API presently (and that is compatible with hadoop-2.0, etc. from HBase's usage point of view).

          I have moved the Java files inside the $root/security/src/* directory to src/*, and removed the security profile from the pom.xml file.

          Stack, on the copy comment you made on saslServer.wrap(), that's how Sasl API works. I don't think there is a way around it..

          No there are no tests introduced by this patch. There're quite a few tests already for security. I'll ensure they continue to work (smile). Also I'll test the patch manually on a real cluster.

          Thanks, folks for the reviews!

          Show
          Devaraj Das added a comment - Attached is the patch with the review comments addressed (except the ones to do with introduction of new 'white-spaces'). This is still under test but I thought I'll update the jira with what I have currently.. Stack, i have retained User.java class upon feedback from Andrew though that supports only the 1.0++ Hadoop's UserGroupInformation API presently (and that is compatible with hadoop-2.0, etc. from HBase's usage point of view). I have moved the Java files inside the $root/security/src/* directory to src/*, and removed the security profile from the pom.xml file. Stack, on the copy comment you made on saslServer.wrap(), that's how Sasl API works. I don't think there is a way around it.. No there are no tests introduced by this patch. There're quite a few tests already for security. I'll ensure they continue to work (smile). Also I'll test the patch manually on a real cluster. Thanks, folks for the reviews!
          Hide
          stack added a comment -

          @Devaraj If this patch only works against 1.0.x hadoop, what do we do when we want to run hbase 0.96 on hadoop 2.0.x?

          Here is some more feedback on posted patch:

          Its big! Its mostly deletes and generated code though thankfully.

          So, you are going to move to UGI over User?

          Are you going to get rid of the security dir that is at top level in hbase? Is there anything left in it after this patch?

          What kind of hadoop will be required? One that supports security: i.e. apache hadoop 1.0.x, 2.0.x? And then for the others? The will need to have an answer for the security methods?

          Just remove rather than do this commenting out:

          -        builder.setError(error != null);
          +        //builder.setStatus(
          

          This is going to make a copy of the response?

          +          token = connection.saslServer.wrap(buf.array(),
          +              buf.arrayOffset(), buf.remaining());
          

          Do we have to? Can't we feed it out on the output stream, first the wrapping, then the response?

          Any tests?

          Good stuff.

          Show
          stack added a comment - @Devaraj If this patch only works against 1.0.x hadoop, what do we do when we want to run hbase 0.96 on hadoop 2.0.x? Here is some more feedback on posted patch: Its big! Its mostly deletes and generated code though thankfully. So, you are going to move to UGI over User? Are you going to get rid of the security dir that is at top level in hbase? Is there anything left in it after this patch? What kind of hadoop will be required? One that supports security: i.e. apache hadoop 1.0.x, 2.0.x? And then for the others? The will need to have an answer for the security methods? Just remove rather than do this commenting out: - builder.setError(error != null ); + //builder.setStatus( This is going to make a copy of the response? + token = connection.saslServer.wrap(buf.array(), + buf.arrayOffset(), buf.remaining()); Do we have to? Can't we feed it out on the output stream, first the wrapping, then the response? Any tests? Good stuff.
          Hide
          Andrew Purtell added a comment -

          I'll revert User.java and have it only support hadoop-1.0++. Sounds reasonable?

          Sounds good, thanks Devaraj.

          Show
          Andrew Purtell added a comment - I'll revert User.java and have it only support hadoop-1.0++. Sounds reasonable? Sounds good, thanks Devaraj.
          Hide
          Ted Yu added a comment -

          Only the review requester can update the patch for the review.
          So the person composing the patch should be creating review request.

          Show
          Ted Yu added a comment - Only the review requester can update the patch for the review. So the person composing the patch should be creating review request.
          Hide
          Devaraj Das added a comment -

          Ah I thought you had uploaded the patch on reviewboard and I could use that .. Never mind. I'll take care..

          Show
          Devaraj Das added a comment - Ah I thought you had uploaded the patch on reviewboard and I could use that .. Never mind. I'll take care..
          Hide
          Ted Yu added a comment -

          Start with https://reviews.apache.org/r/new/:
          select hbase for Repository and '/' for Base Directory
          Use Browse to locate your patch. Press 'Create New Request' button.

          On the next screen, enter hbase for Group.

          Once required fields are filled, you should be able to publish your latest patch.

          Show
          Ted Yu added a comment - Start with https://reviews.apache.org/r/new/: select hbase for Repository and '/' for Base Directory Use Browse to locate your patch. Press 'Create New Request' button. On the next screen, enter hbase for Group. Once required fields are filled, you should be able to publish your latest patch.
          Hide
          Devaraj Das added a comment -

          I forgot to mention that I'll keep the User shim as it is (please let me know if this doesn't seem right). So most of the changes will be in HBaseServer/HBaseClient files. Will upload a patch tonight or over the weekend (sorry for the delay).

          Show
          Devaraj Das added a comment - I forgot to mention that I'll keep the User shim as it is (please let me know if this doesn't seem right). So most of the changes will be in HBaseServer/HBaseClient files. Will upload a patch tonight or over the weekend (sorry for the delay).
          Hide
          Devaraj Das added a comment -

          On review board, it is obvious where white spaces are introduced

          Zhihong, could you please put a link to the reviewboard for this jira please (I don't seem to be able to locate it easily)..

          Show
          Devaraj Das added a comment - On review board, it is obvious where white spaces are introduced Zhihong, could you please put a link to the reviewboard for this jira please (I don't seem to be able to locate it easily)..
          Hide
          Devaraj Das added a comment -

          over in Hadoop, there is a discussion around making some of the APIs in UGI public

          The Hadoop jira is HADOOP-8152

          Show
          Devaraj Das added a comment - over in Hadoop, there is a discussion around making some of the APIs in UGI public The Hadoop jira is HADOOP-8152
          Hide
          Devaraj Das added a comment -

          I'm all for removing shims and hacks wherever possible, but if we end up here again then this just churns our API along with Hadoop core.

          Andrew, over in Hadoop, there is a discussion around making some of the APIs in UGI public (and bound to contracts ) but maybe you are right - things could change even then.

          I'll revert User.java and have it only support hadoop-1.0++. Sounds reasonable?

          Show
          Devaraj Das added a comment - I'm all for removing shims and hacks wherever possible, but if we end up here again then this just churns our API along with Hadoop core. Andrew, over in Hadoop, there is a discussion around making some of the APIs in UGI public (and bound to contracts ) but maybe you are right - things could change even then. I'll revert User.java and have it only support hadoop-1.0++. Sounds reasonable?
          Hide
          Andrew Purtell added a comment -

          Andrew, this patch hasn't been tested yet. But if it is made to run with hadoop-1.0, I am pretty sure that it will run on all the versions post 1.0. The UGI class of Hadoop hasn't changed incompatibly since 1.0.

          I'm all for removing shims and hacks wherever possible, but if we end up here again then this just churns our API along with Hadoop core.

          Show
          Andrew Purtell added a comment - Andrew, this patch hasn't been tested yet. But if it is made to run with hadoop-1.0, I am pretty sure that it will run on all the versions post 1.0. The UGI class of Hadoop hasn't changed incompatibly since 1.0. I'm all for removing shims and hacks wherever possible, but if we end up here again then this just churns our API along with Hadoop core.
          Hide
          Devaraj Das added a comment -

          Thanks, Zhihong for the detailed comments. I'll address your comments, and answer your questions, in the next iteration.

          Andrew, this patch hasn't been tested yet. But if it is made to run with hadoop-1.0, I am pretty sure that it will run on all the versions post 1.0. The UGI class of Hadoop hasn't changed incompatibly since 1.0.

          Show
          Devaraj Das added a comment - Thanks, Zhihong for the detailed comments. I'll address your comments, and answer your questions, in the next iteration. Andrew, this patch hasn't been tested yet. But if it is made to run with hadoop-1.0, I am pretty sure that it will run on all the versions post 1.0. The UGI class of Hadoop hasn't changed incompatibly since 1.0.
          Hide
          Andrew Purtell added a comment -

          The reason the User abstraction exists is because the UserGroupInformation API is inconsistent between Hadoop versions. Has this patch been tested on all of 1.0, 0.23/2.0, 0.22 etc.?

          Show
          Andrew Purtell added a comment - The reason the User abstraction exists is because the UserGroupInformation API is inconsistent between Hadoop versions. Has this patch been tested on all of 1.0, 0.23/2.0, 0.22 etc.?
          Hide
          Ted Yu added a comment -

          On review board, it is obvious where white spaces are introduced.

          +    private void wrapWithSasl(ByteBufferOutputStream response)
          +        throws IOException {
          +      if (connection.useSasl) {
          

          I suggest checking !connection.useSasl so that we can return early - this is minor.

          +    private void saslReadAndProcess(byte[] saslToken) throws IOException,
          +        InterruptedException {
          +      if (!saslContextEstablished) {
          

          The else branch starting at line 1313 is much shorter than the if branch. Consider handling the saslContextEstablished case first and return. This would save indentation for the !saslContextEstablished case.

          +    private void disposeSasl() {
          +      if (saslServer != null) {
          +        try {
          +          saslServer.dispose();
          

          Please assign null to saslServer after the dispose() call.
          In readAndProcess():

          +          if (dataLength < 0) {
          +            LOG.warn("Unexpected data length " + dataLength + "!! from " +
          +                getHostAddress());
          +          }
                     data = ByteBuffer.allocate(dataLength);
          

          When dataLength is negative, the allocate() call would throw IllegalArgumentException. It would be nice to change the above LOG.warn() into IllegalArgumentException.

          +        TokenUtil.obtainTokenForJob(job,UserGroupInformation.getCurrentUser());
          

          Please add a space after comma.

          Show
          Ted Yu added a comment - On review board, it is obvious where white spaces are introduced. + private void wrapWithSasl(ByteBufferOutputStream response) + throws IOException { + if (connection.useSasl) { I suggest checking !connection.useSasl so that we can return early - this is minor. + private void saslReadAndProcess( byte [] saslToken) throws IOException, + InterruptedException { + if (!saslContextEstablished) { The else branch starting at line 1313 is much shorter than the if branch. Consider handling the saslContextEstablished case first and return. This would save indentation for the !saslContextEstablished case. + private void disposeSasl() { + if (saslServer != null ) { + try { + saslServer.dispose(); Please assign null to saslServer after the dispose() call. In readAndProcess(): + if (dataLength < 0) { + LOG.warn( "Unexpected data length " + dataLength + "!! from " + + getHostAddress()); + } data = ByteBuffer.allocate(dataLength); When dataLength is negative, the allocate() call would throw IllegalArgumentException. It would be nice to change the above LOG.warn() into IllegalArgumentException. + TokenUtil.obtainTokenForJob(job,UserGroupInformation.getCurrentUser()); Please add a space after comma.
          Hide
          Ted Yu added a comment -

          Thanks for the hint about compilation, Devaraj.
          Would it make sense to change security profile to the default profile (insecure build doesn't compile) ?

          For HBaseServer.setResponse():

          +        long hint = ohint.getWritableSize() + Bytes.SIZEOF_INT + Bytes.SIZEOF_INT;
          

          The two Bytes.SIZEOF_INT can be written as Bytes.SIZEOF_INT*2.

          -        builder.setError(error != null);
          +        //builder.setStatus(
          

          The above comment can be removed.

          -      ByteBuffer bb = buf.getByteBuffer();
          -      bb.position(0);
          -      this.response = bb;
          +      this.response = buf.getByteBuffer();
          

          Why was the position(0) call removed ?

          Show
          Ted Yu added a comment - Thanks for the hint about compilation, Devaraj. Would it make sense to change security profile to the default profile (insecure build doesn't compile) ? For HBaseServer.setResponse(): + long hint = ohint.getWritableSize() + Bytes.SIZEOF_INT + Bytes.SIZEOF_INT; The two Bytes.SIZEOF_INT can be written as Bytes.SIZEOF_INT*2. - builder.setError(error != null ); + //builder.setStatus( The above comment can be removed. - ByteBuffer bb = buf.getByteBuffer(); - bb.position(0); - this .response = bb; + this .response = buf.getByteBuffer(); Why was the position(0) call removed ?
          Hide
          Devaraj Das added a comment -

          Thanks, Zhihong for the review. I forgot to mention that the build should be done with the security profile turned on. I'll fix that shortly..

          Show
          Devaraj Das added a comment - Thanks, Zhihong for the review. I forgot to mention that the build should be done with the security profile turned on. I'll fix that shortly..
          Hide
          Ted Yu added a comment -

          I put the patch on review board, below are comments for the first page.
          For disposeSasl():

          +        } catch (IOException ioe) {
          +          LOG.info("Error disposing of SASL client", ioe);
          +        }
          

          The above log should be at error level.

          +    private synchronized boolean setupSaslConnection(final InputStream in2,
          +        final OutputStream out2)
          +        throws IOException {
          

          The 'throws' should be on the same line as parameter 'out2'.
          For handleSaslConnectionFailure():

          +          if (ex instanceof RemoteException)
          +            throw (RemoteException)ex;
          +          throw new IOException(ex);
          

          I think the if statement should check for IOException so that we don't create IOException wrapping ex, another IOException.

          +    private void writeHeader() throws IOException {
          +      // Write out the ConnectionHeader
          +      out.writeInt(header.getSerializedSize());
          +      header.writeTo(out);
          +    }
          

          Do we need to call out.flush() at the end of the above method ?

          +      if (closeException == null) {
          +        if (!calls.isEmpty()) {
          +          LOG.warn(
          +              "A connection is closed for no cause and calls are not empty");
          +
          +          // clean up calls anyway
          +          closeException = new IOException("Unexpected closed connection");
          

          Should we record the size of calls in the above warning and IOE ?

          Show
          Ted Yu added a comment - I put the patch on review board, below are comments for the first page. For disposeSasl(): + } catch (IOException ioe) { + LOG.info( "Error disposing of SASL client" , ioe); + } The above log should be at error level. + private synchronized boolean setupSaslConnection( final InputStream in2, + final OutputStream out2) + throws IOException { The 'throws' should be on the same line as parameter 'out2'. For handleSaslConnectionFailure(): + if (ex instanceof RemoteException) + throw (RemoteException)ex; + throw new IOException(ex); I think the if statement should check for IOException so that we don't create IOException wrapping ex, another IOException. + private void writeHeader() throws IOException { + // Write out the ConnectionHeader + out.writeInt(header.getSerializedSize()); + header.writeTo(out); + } Do we need to call out.flush() at the end of the above method ? + if (closeException == null ) { + if (!calls.isEmpty()) { + LOG.warn( + "A connection is closed for no cause and calls are not empty" ); + + // clean up calls anyway + closeException = new IOException( "Unexpected closed connection" ); Should we record the size of calls in the above warning and IOE ?
          Hide
          Ted Yu added a comment -

          I got some compilation errors:

          [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[66,45] package org.apache.hadoop.hbase.security.token does not exist
          [ERROR] 
          [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/mapreduce/TableMapReduceUtil.java:[227,8] cannot find symbol
          [ERROR] symbol  : variable TokenUtil
          [ERROR] location: class org.apache.hadoop.hbase.mapreduce.TableMapReduceUtil
          [ERROR] 
          [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/mapred/TableMapReduceUtil.java:[175,8] cannot find symbol
          [ERROR] symbol  : variable TokenUtil
          [ERROR] location: class org.apache.hadoop.hbase.mapred.TableMapReduceUtil
          [ERROR] 
          [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[240,51] package AuthenticationTokenIdentifier does not exist
          [ERROR] 
          [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[241,12] cannot find symbol
          [ERROR] symbol  : class AuthenticationTokenSelector
          [ERROR] location: class org.apache.hadoop.hbase.ipc.HBaseClient
          

          Still going through the big patch.

          Show
          Ted Yu added a comment - I got some compilation errors: [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[66,45] package org.apache.hadoop.hbase.security.token does not exist [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/mapreduce/TableMapReduceUtil.java:[227,8] cannot find symbol [ERROR] symbol : variable TokenUtil [ERROR] location: class org.apache.hadoop.hbase.mapreduce.TableMapReduceUtil [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/mapred/TableMapReduceUtil.java:[175,8] cannot find symbol [ERROR] symbol : variable TokenUtil [ERROR] location: class org.apache.hadoop.hbase.mapred.TableMapReduceUtil [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[240,51] package AuthenticationTokenIdentifier does not exist [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[241,12] cannot find symbol [ERROR] symbol : class AuthenticationTokenSelector [ERROR] location: class org.apache.hadoop.hbase.ipc.HBaseClient Still going through the big patch.
          Hide
          Devaraj Das added a comment -

          Attached the first version of the patch. Needs works still. In summary, the following is done:
          1. Removes User.java shim (and changes references to User, to UserGroupInformation).
          2. Factors in the secure client/server code into HBaseServer.java and HBaseClient.java.
          3. Removed checks like (isSecurityEnabled && isHbaseSecurityEnabled) to instead only check isSecurityEnabled.
          4. Moved HBaseSasl* classes to src/main/java/org/apache/hadoop/hbase/security/
          5. Removed SecureClient/Server/RpcEngine classes.

          Would appreciate any feedback at this point.

          Show
          Devaraj Das added a comment - Attached the first version of the patch. Needs works still. In summary, the following is done: 1. Removes User.java shim (and changes references to User, to UserGroupInformation). 2. Factors in the secure client/server code into HBaseServer.java and HBaseClient.java. 3. Removed checks like (isSecurityEnabled && isHbaseSecurityEnabled) to instead only check isSecurityEnabled. 4. Moved HBaseSasl* classes to src/main/java/org/apache/hadoop/hbase/security/ 5. Removed SecureClient/Server/RpcEngine classes. Would appreciate any feedback at this point.
          Hide
          Devaraj Das added a comment -

          I will take a stab at this.

          Show
          Devaraj Das added a comment - I will take a stab at this.
          Hide
          stack added a comment -

          Sounds good. You on this DD?

          Show
          stack added a comment - Sounds good. You on this DD?

            People

            • Assignee:
              Devaraj Das
              Reporter:
              Devaraj Das
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development