[
https://issues.apache.org/jira/browse/HADOOP-11337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dian Fu updated HADOOP-11337:
-----------------------------
Summary: KeyAuthorizationKeyProvider#doAccessCheck should throw exception
if metadata for the specified key is null (was:
KeyAuthorizationKeyProvider#doAccessCheck should throw exception when metadata
for the specified key is null)
> KeyAuthorizationKeyProvider#doAccessCheck should throw exception if metadata
> for the specified key is null
> ----------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-11337
> URL: https://issues.apache.org/jira/browse/HADOOP-11337
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Dian Fu
>
> In {{KeyAuthorizationKeyProvider#getMetadata}}, if firstly call
> {{KeyAuthorizationKeyProvider#doAccessCheck}} to check if client has the
> permission to do this operation. However, if the metadata is null when
> {{KeyAuthorizationKeyProvider#doAccessCheck}} is called and becomes not null
> after {{KeyAuthorizationKeyProvider#doAccessCheck}} called, key based ACL
> check will be skipped. It should throw an exception if metadata is null in
> {{KeyAuthorizationKeyProvider#doAccessCheck}}.
> {code}
> public Metadata getMetadata(String name) throws IOException {
> doAccessCheck(name, KeyOpType.READ);
> return provider.getMetadata(name);
> }
> private void doAccessCheck(String keyName, KeyOpType opType) throws
> IOException {
> Metadata metadata = provider.getMetadata(keyName);
> if (metadata != null) {
> String aclName = metadata.getAttributes().get(KEY_ACL_NAME);
> checkAccess((aclName == null) ? keyName : aclName, getUser(), opType);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
