From 436567e34da3a50ab06b5e7c885f1c5dd48484f6 Mon Sep 17 00:00:00 2001
From: Reid Chan <reidchan@apache.org>
Date: Thu, 9 Apr 2020 16:28:22 +0800
Subject: [PATCH] HBASE-24121 [Authorization] ServiceAuthorizationManager isn't
 dynamically updatable. And it should be (#1439)

Signed-off-by: Bharath Vissapragada <bharathv@apache.org>
Signed-off-by: Michael Stack <stack@apache.org>
---
 .../java/org/apache/hadoop/hbase/ipc/RpcServer.java    | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 5d5b1c09601..06b95c7e2a9 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -48,6 +48,7 @@ import org.apache.hadoop.hbase.monitoring.TaskMonitor;
 import org.apache.hadoop.hbase.regionserver.RSRpcServices;
 import org.apache.hadoop.hbase.regionserver.slowlog.RpcLogDetails;
 import org.apache.hadoop.hbase.regionserver.slowlog.SlowLogRecorder;
+import org.apache.hadoop.hbase.security.HBasePolicyProvider;
 import org.apache.hadoop.hbase.security.SaslUtil;
 import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
 import org.apache.hadoop.hbase.security.User;
@@ -58,6 +59,7 @@ import org.apache.hadoop.hbase.util.Pair;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.PolicyProvider;
+import org.apache.hadoop.security.authorize.ProxyUsers;
 import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
 import org.apache.hadoop.security.token.SecretManager;
 import org.apache.hadoop.security.token.TokenIdentifier;
@@ -311,6 +313,14 @@ public abstract class RpcServer implements RpcServerInterface,
     if (scheduler instanceof ConfigurationObserver) {
       ((ConfigurationObserver) scheduler).onConfigurationChange(newConf);
     }
+    // Make sure authManager will read hbase-policy file
+    System.setProperty("hadoop.policy.file", "hbase-policy.xml");
+    synchronized (authManager) {
+      authManager.refresh(newConf, new HBasePolicyProvider());
+    }
+    LOG.info("Refreshed hbase-policy.xml successfully");
+    ProxyUsers.refreshSuperUserGroupsConfiguration(newConf);
+    LOG.info("Refreshed super and proxy users successfully");
   }
 
   protected void initReconfigurable(Configuration confToLoad) {