[
https://issues.apache.org/jira/browse/HADOOP-6951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron T. Myers updated HADOOP-6951:
-----------------------------------
Attachment: hadoop-6951.1.txt
Updated patch to address Todd's comments.
> Distinct minicluster services (e.g. NN and JT) overwrite each other's service
> policies
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-6951
> URL: https://issues.apache.org/jira/browse/HADOOP-6951
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 0.22.0
>
> Attachments: hadoop-6951.1.txt, hadoop-6951.txt.0
>
>
> Because the protocol -> ACL mapping in ServiceAuthorizationManager is static,
> services which are run in the same JVM have the potential to clobber the
> other's service authorization ACLs whenever
> ServiceAuthorizationManager.refresh() is called. This causes authorization
> failures if one tries to launch a 2NN connected to a minicluster with
> hadoop.security.authorization enabled. Seems like each service should have
> its own instance of a ServiceAuthorizationManager, instead of using static
> methods.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
