  1. Apache Storm
  2. STORM-2563

Remove the workaround to handle missing UGI.loginUserFromSubject

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0, 1.1.1, 1.2.0
    • Component/s: None
    • Labels:
      None

      Description

      https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java#L225
      The "userCons.setAccessible(true)" call invokes the constructor of a package-private class, bypassing the Java access control checks and raising red flags in our internal security scans.

      The "loginUserFromSubject(Subject subject)" method has been added to UGI (https://issues.apache.org/jira/browse/HADOOP-10164) and has been available since Hadoop version 2.3, released over three years ago (http://hadoop.apache.org/releases.html).

      I think the workaround is no longer required, since the case will not happen when using hadoop-common versions >= 2.3.
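
A startup check in the spirit of this issue, as an added example that is not Storm's AutoTGT code or its actual fix: it assumes hadoop-common is resolved reflectively at runtime, looks up only the public `loginUserFromSubject(Subject)` method, and fails fast on Hadoop versions older than 2.3 instead of falling back to `setAccessible(true)`. The class name `UgiLogin` and its methods are hypothetical.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import javax.security.auth.Subject;

// Added example: UgiLogin is a hypothetical helper, not Storm's AutoTGT code.
public final class UgiLogin {
    private static final String UGI = "org.apache.hadoop.security.UserGroupInformation";

    // Resolve the public static UGI.loginUserFromSubject(Subject) or fail fast.
    static Method findLoginMethod(ClassLoader loader) {
        try {
            Class<?> ugi = Class.forName(UGI, false, loader);
            // getMethod() returns public members only, so setAccessible(true) is never needed.
            Method m = ugi.getMethod("loginUserFromSubject", Subject.class);
            if (!Modifier.isStatic(m.getModifiers())) {
                throw new IllegalStateException("unexpected non-static " + m);
            }
            return m;
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("hadoop-common is not on the classpath", e);
        } catch (NoSuchMethodException e) {
            throw new IllegalStateException(
                "UGI.loginUserFromSubject(Subject) is missing; hadoop-common >= 2.3 is required", e);
        }
    }

    // Log in through the supported API; unwrap the exception Hadoop itself threw.
    static void login(Subject subject) throws Exception {
        Method m = findLoginMethod(UgiLogin.class.getClassLoader());
        try {
            m.invoke(null, subject);
        } catch (InvocationTargetException e) {
            if (e.getCause() instanceof Exception) {
                throw (Exception) e.getCause();
            }
            throw e;
        }
    }

    public static void main(String[] args) {
        try {
            System.out.println("OK: " + findLoginMethod(UgiLogin.class.getClassLoader()));
        } catch (IllegalStateException e) {
            System.err.println("Refusing to start: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run without hadoop-common on the classpath, `main` exits with status 1 and reports the missing dependency; with hadoop-common 2.3 or later it prints the resolved method.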

              People

              • Assignee:
                arunmahadevan Arun Mahadevan
                Reporter:
                arunmahadevan Arun Mahadevan

                  Time Tracking

                  • Original Estimate: Not Specified
                  • Remaining Estimate: 0h
                  • Time Spent: 40m