From 3bf69761e172163df320346edfc28f10d4fb9da7 Mon Sep 17 00:00:00 2001
From: Devaraj Das <ddas@apache.org>
Date: Sun, 19 Apr 2015 22:17:38 -0700
Subject: [PATCH] HBASE-13482. Phoenix is failing to scan tables on secure
 environments. (Alicia Shu)

---
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java  | 4 ++++
 .../apache/hadoop/hbase/security/access/AccessController.java | 2 ++
 .../hbase/security/visibility/VisibilityController.java       | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 95b0a2c5096..1274f0235f8 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -2390,6 +2390,10 @@ public class RpcServer implements RpcServerInterface {
     return CurCall.get();
   }
 
+  public static boolean isInRpcCallContext() {
+    return CurCall.get() != null;
+  }
+
   /**
    * Returns the user credentials associated with the current RPC request or
    * <code>null</code> if no credentials were provided.
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 03b5e39508e..51fee5caac7 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -2053,6 +2053,8 @@ public class AccessController extends BaseMasterAndRegionObserver
    * the checks performed in preScannerOpen()
    */
   private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
+    if (!RpcServer.isInRpcCallContext())
+      return;
     String requestUserName = RpcServer.getRequestUserName();
     String owner = scannerOwners.get(s);
     if (authorizationEnabled && owner != null && !owner.equals(requestUserName)) {
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
index 6e659ef47c0..922e8a50837 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
@@ -638,7 +638,8 @@ public class VisibilityController extends BaseMasterAndRegionObserver implements
    * access control is correctly enforced based on the checks performed in preScannerOpen()
    */
   private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
-    // This is duplicated code!
+    if (!RpcServer.isInRpcCallContext())
+      return;
     String requestUName = RpcServer.getRequestUserName();
     String owner = scannerOwners.get(s);
     if (authorizationEnabled && owner != null && !owner.equals(requestUName)) {