Na Li created SENTRY-2486:
-----------------------------
Summary: Wrong user name when sentry HMSFollower gets full
snapshot from HMS at insecure mode
Key: SENTRY-2486
URL: https://issues.apache.org/jira/browse/SENTRY-2486
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 2.2.0
Reporter: Na Li
Assignee: Na Li
In insecure mode, the current login user name is passed from Sentry to HMS
server when sentry HMSFollower gets full snapshot from HMS.
The user name should be "sentry" instead of current login user.
The followiong code shows how current login user name is used when subject is
null.
In UserGroupInformation, if the context does not have subject, the
getLoginUser()
@Public
@Evolving
public static UserGroupInformation getCurrentUser() throws IOException {
AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);
return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
new UserGroupInformation(subject) : getLoginUser();
}
This issue should not happen in production because secure mode is always used.
Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
