[
https://issues.apache.org/jira/browse/HDFS-16259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell resolved HDFS-16259.
--------------------------------------
Resolution: Fixed
Thanks for the review [~weichiu] and the discussion on this [~ayushtkn]
> Catch and re-throw sub-classes of AccessControlException thrown by any
> permission provider plugins (eg Ranger)
> --------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-16259
> URL: https://issues.apache.org/jira/browse/HDFS-16259
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
> Reporter: Stephen O'Donnell
> Assignee: Stephen O'Donnell
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.2
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> When a permission provider plugin is enabled (eg Ranger) there are some
> scenarios where it can throw a sub-class of an AccessControlException (eg
> RangerAccessControlException). If this exception is allowed to propagate up
> the stack, it can give problems in the HDFS Client, when it unwraps the
> remote exception containing the AccessControlException sub-class.
> Ideally, we should make AccessControlException final so it cannot be
> sub-classed, but that would be a breaking change at this point. Therefore I
> believe the safest thing to do, is to catch any AccessControlException that
> comes out of the permission enforcer plugin, and re-throw an
> AccessControlException instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
