Review Board 1.7.22


FLUME-2023. Flume must login to secure HBase before creating the HTable instance

Review Request #10769 - Created April 24, 2013 and submitted

Hari Shreedharan
FLUME-2023
Reviewers
Flume
flume-git
Move the code that creates the HTable into runPrivileged call, and make sure the login is done before that.
Manually verified.
flume-ng-sinks/flume-ng-hbase-sink/src/main/java/org/apache/flume/sink/hbase/HBaseSink.java
Revision 31fb7ff New Change
[20] 108 lines
[+20] [+] public class HBaseSink extends AbstractSink implements Configurable {
109
  @Override
109
  @Override
110
  public void start(){
110
  public void start(){
111
    Preconditions.checkArgument(table == null, "Please call stop " +
111
    Preconditions.checkArgument(table == null, "Please call stop " +
112
        "before calling start on an old instance.");
112
        "before calling start on an old instance.");
113
    try {
113
    try {
114
      table = new HTable(config, tableName);

   
115
      //flush is controlled by us. This ensures that HBase changing

   
116
      //their criteria for flushing does not change how we flush.

   
117
      table.setAutoFlush(false);

   
118
    } catch (IOException e) {

   
119
      logger.error("Could not load table, " + tableName +
Moved to 134

   
120
          " from HBase", e);
Moved to 135

   
121
      throw new FlumeException("Could not load table, " + tableName +
Moved to 136

   
122
          " from HBase", e);
Moved to 137

   
123
    }
Moved to 138

   
124
    try {
Moved to 139

   
125
      if (HBaseSinkSecurityManager.isSecurityEnabled(config)) {
114
      if (HBaseSinkSecurityManager.isSecurityEnabled(config)) {
126
        hbaseUser = HBaseSinkSecurityManager.login(config, null,
115
        hbaseUser = HBaseSinkSecurityManager.login(config, null,
127
                kerberosPrincipal, kerberosKeytab);
116
          kerberosPrincipal, kerberosKeytab);
128
      }
117
      }
129
    } catch (Exception ex) {
118
    } catch (Exception ex) {
130
      throw new FlumeException("Failed to login to HBase using "
119
      throw new FlumeException("Failed to login to HBase using "
131
              + "provided credentials.", ex);
120
        + "provided credentials.", ex);
132
    }
121
    }
133
    try {
122
    try {

    
   
123
      table = runPrivileged(new PrivilegedExceptionAction<HTable>() {

    
   
124
        @Override

    
   
125
        public HTable run() throws Exception {

    
   
126
          HTable table = new HTable(config, tableName);

    
   
127
          table.setAutoFlush(false);

    
   
128
          // Flush is controlled by us. This ensures that HBase changing

    
   
129
          // their criteria for flushing does not change how we flush.

    
   
130
          return table;

    
   
131
        }

    
   
132
      });

    
   
133
    } catch (Exception e) {
Moved from 119

    
   
134
      logger.error("Could not load table, " + tableName +
Moved from 120

    
   
135
          " from HBase", e);
Moved from 121

    
   
136
      throw new FlumeException("Could not load table, " + tableName +
Moved from 122

    
   
137
          " from HBase", e);
Moved from 123

    
   
138
    }
Moved from 124

    
   
139
    try {
134
      if (!runPrivileged(new PrivilegedExceptionAction<Boolean>() {
140
      if (!runPrivileged(new PrivilegedExceptionAction<Boolean>() {
135
        @Override
141
        @Override
136
        public Boolean run() throws IOException {
142
        public Boolean run() throws IOException {
137
          return table.getTableDescriptor().hasFamily(columnFamily);
143
          return table.getTableDescriptor().hasFamily(columnFamily);
138
        }
144
        }
[+20] [20] 167 lines
  1. flume-ng-sinks/flume-ng-hbase-sink/src/main/java/org/apache/flume/sink/hbase/HBaseSink.java: Loading...