[
https://issues.apache.org/jira/browse/HBASE-8662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13688686#comment-13688686
]
Francis Liu commented on HBASE-8662:
------------------------------------
{quote}
but needs to authorize the user
{quote}
If you're talking about the proxyUsers.authorize() call as I mentioned earlier
all the information needed to do the check is cached. So this shouldn't add any
noticeable overhead at all.
{quote}
send user information to server for every call because HBase server side may
have authorization setup too.
{quote}
This is just a few bytes to send the user principal. 0.94 has about as much
bloat sent for every call and I haven't heard anyone complain.
I think if we were going to only pick one this approach would serve both cases
better than the latter.
> [rest] support impersonation
> ----------------------------
>
> Key: HBASE-8662
> URL: https://issues.apache.org/jira/browse/HBASE-8662
> Project: HBase
> Issue Type: Sub-task
> Components: REST, security
> Reporter: Jimmy Xiang
> Assignee: Jimmy Xiang
> Fix For: 0.98.0
>
> Attachments: method_doas.patch, secure_rest.patch, trunk-8662.patch,
> trunk-8662_v2.patch, trunk-8662_v3.patch
>
>
> Currently, our client API uses a fixed user: the current user. It should
> accept a user passed in, if authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
