[jira] [Commented] (HADOOP-15808) Harden Token service loader use

Mon, 01 Oct 2018 12:55:11 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-15808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634539#comment-16634539
 ] 

Steve Loughran commented on HADOOP-15808:
-----------------------------------------

Patch 001

*  harden service loading in Token clases & tools.
* Also tweak logging and "modernize" the tests. 

No extra tests of service loading as the only way to do it would be to register 
faulty service implementations in the test JAR, and that could unintentionally 
break other things. Not this hardened code, obviously, but any third party code 
or a situation where the hadoop-common-test JAR from this version of hadoop 
ended up on the same classpath as hadoop-common.

Please review carefully, looking at {{FileSystem.loadFileSystems()}} as the 
source of this design

+[~daryn] [~raviprak]

BTW, noticed there's no way in the existing dtutail code to retrieve DTs for 
arbitrary filesystems, though hdfs fetchdt can do this. Unless a generic FS 
loader can be added, the command is going to need a registered service for all 
the filesystems which export DTs (abfs, wasb, now s3a). They can share the same 
reference impl, just need to return a service name which matches the URI schema

> Harden Token service loader use
> -------------------------------
>
>                 Key: HADOOP-15808
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15808
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.9.1, 3.1.2
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Major
>         Attachments: HADOOP-15808-001.patch
>
>
> The Hadoop token service loading (identifiers, renewers...) works provided 
> there's no problems loading any registered implementation. If there's a 
> classloading or classcasting problem, the exception raised will stop all 
> token support working; possibly the application not starting.
> This matters for S3A/HADOOP-14556 as things may not load if aws-sdk isn't on 
> the classpath. It probably lurks in the wasb/abfs support too, but things 
> have worked there because the installations with DT support there have always 
> had correctly set up classpaths.
> Fix: do what we did for the FS service loader. Catch failures to instantiate 
> a service provider impl and skip it



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to