Fix up after bulk move overwrote some 0.94.2 fix versions w/ 0.95.0 (Noticed by Lars Hofhansl)

Integrated in HBase-0.94-security-on-Hadoop-23 #7 (See https://builds.apache.org/job/HBase-0.94-security-on-Hadoop-23/7/)
HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378268)

Result = FAILURE
Tedyu :
Files :

• /hbase/branches/0.94/pom.xml
• /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

Integrated in HBase-0.94-security #51 (See https://builds.apache.org/job/HBase-0.94-security/51/)
HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378268)

Result = FAILURE
Tedyu :
Files :

• /hbase/branches/0.94/pom.xml
• /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

EDIT:
If so, then a user Joe who is not kerberos authenticated can access hbase services by piggybacking on hbase credentials?

Sorry for chiming in late, but I want to understand what is going on here. I was reading HBase security code and the attached patch. A basic question:
Do we support proxy users? If so, then a use Joe who is not kerberos authenticated can access hbase services by piggybacking on hbase credentials. How one can enable/use it? Please share.

Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #153 (See https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/153/)
HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378142)

Result = FAILURE
Tedyu :
Files :

• /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

Integrated in HBase-0.94 #442 (See https://builds.apache.org/job/HBase-0.94/442/)
HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378268)

Result = FAILURE
Tedyu :
Files :

• /hbase/branches/0.94/pom.xml
• /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

Integrated to 0.94 as well.

Thanks for the patch, Francis.

Thanks for the review, Andy.

-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12542800/proxy_fix_94.patch
against trunk revision .

+1 @author. The patch does not contain any @author tags.

-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.

-1 patch. The patch command could not apply the patch.

Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2722//console

This message is automatically generated.

updated 0.94 patch.

Integrated in HBase-TRUNK #3289 (See https://builds.apache.org/job/HBase-TRUNK/3289/)
HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378142)

Result = FAILURE
Tedyu :
Files :

• /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

Integrated to trunk.

@Francis:
Can you attach patch for 0.94 ?

Thanks

Looks good to me. This should be applied to 0.94 too.

@Gary, @Andy:
Do you have further comment about Francis' patch ?

-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12542654/6671-trunk-v2.txt
against trunk revision .

+1 @author. The patch does not contain any @author tags.

-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.

+1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.

-1 javadoc. The javadoc tool appears to have generated 94 warning messages.

-1 javac. The applied patch generated 5 javac compiler warnings (more than the trunk's current 4 warnings).

-1 findbugs. The patch appears to introduce 13 new Findbugs (version 1.3.9) warnings.

+1 release audit. The applied patch does not increase the total number of release audit warnings.

+1 core tests. The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//console

This message is automatically generated.

Looks good to me.

v2 addresses the above comments.

getConnectionAuthenticationMethod() is a private method, can it be inlined ?

Minor:
javadoc for parameters of getConnectionAuthenticationMethod() and isAllowedDelegationTokenOp() is missing.

Will do, thanks for the tip.

@Francis:
Hadoop QA would pick up the latest attachment.
In the future, please attach trunk patch last.

0.94 patch, includes updating the hadoop-0.23 dependency since there are binary incompatible changes. Also 0.23.3 should be released in a few weeks.

Logic is culled from the namenode and jobtracker for consistency.