diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java index 108919740c4..c52c764c1e0 100644 --- a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java @@ -20,9 +20,8 @@ package org.apache.hadoop.hbase.security; import java.io.IOException; -import java.util.Collection; -import java.util.HashSet; -import java.util.Set; +import java.util.ArrayList; +import java.util.List; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.AuthUtil; @@ -41,8 +40,8 @@ public final class Superusers { /** Configuration key for superusers */ public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name - private static Set superUsers; - private static Set superGroups; + private static List superUsers; + private static List superGroups; private static User systemUser; private Superusers(){} @@ -55,8 +54,8 @@ public final class Superusers { * @throws IllegalStateException if current user is null */ public static void initialize(Configuration conf) throws IOException { - superUsers = new HashSet<>(); - superGroups = new HashSet<>(); + superUsers = new ArrayList<>(); + superGroups = new ArrayList<>(); systemUser = User.getCurrent(); if (systemUser == null) { @@ -64,10 +63,10 @@ public final class Superusers { + "authorization checks for internal operations will not work correctly!"); } + if (LOG.isTraceEnabled()) { + LOG.trace("Current user name is " + systemUser.getShortName()); + } String currentUser = systemUser.getShortName(); - LOG.trace("Current user name is {}", currentUser); - superUsers.add(currentUser); - String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]); for (String name : superUserList) { if (AuthUtil.isGroupPrincipal(name)) { 
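Review bot: Switching `superUsers` and `superGroups` from a set to a list (hunk `@@ -41,8 +40,8 @@`, with the matching `new ArrayList<>()` in `@@ -55,8 +54,8 @@`) drops the uniqueness guarantee on the data that `isSuperUser()` authorizes against. Because `@@ -76,6 +75,7 @@` now appends the current user after the configured names, a service user that is also listed in `hbase.superuser` ends up in the list twice, and callers that size or iterate `getSuperUsers()` see the duplicate. Guarding the append with `if (!superUsers.contains(currentUser)) { superUsers.add(currentUser); }` avoids that; if insertion order is the only reason for the change, a `LinkedHashSet` would keep both order and uniqueness. A one-line comment on the fields saying why a list is required would help the next reader.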
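Review bot: In `@@ -55,8 +54,8 @@`, `initialize()` assigns the static `superUsers` and `superGroups` to empty lists first and fills them afterwards, while `isSuperUser()` only tests `superUsers == null`. If `initialize()` can run while another thread performs an authorization check (not visible in this diff), that check sees a non-null but incomplete list, and with this commit the system user is the last entry to appear; `ArrayList` also gives no guarantees for reads that overlap writes. Building both lists in locals and assigning the statics once at the end closes that window, and declaring the fields `volatile` would make the publication visible to other threads. The body of `initialize()` continues outside this hunk, so the sketch shows only the changed lines.

```java
public static void initialize(Configuration conf) throws IOException {
  List<String> users = new ArrayList<>();
  List<String> groups = new ArrayList<>();
  // … unchanged: systemUser lookup and null check …
  // … unchanged loop over hbase.superuser entries, adding to users / groups …
  users.add(systemUser.getShortName());
  // Publish only after both lists are fully populated.
  superUsers = users;
  superGroups = groups;
```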
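Review bot: The new trace block in `@@ -64,10 +63,10 @@` calls `systemUser.getShortName()` once for the log message and again on the following line for `currentUser`. Moving the block below the assignment and logging the local, `LOG.trace("Current user name is " + currentUser);`, keeps a single lookup and makes it obvious that the logged name is the one later added to the superuser list. If `LOG` is an SLF4J logger (its type is not visible here), the parameterized form needs no `isTraceEnabled()` guard at all.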
@@ -76,6 +75,7 @@ public final class Superusers { superUsers.add(name); } } + superUsers.add(currentUser); } /** @@ -88,11 +88,12 @@ public final class Superusers { public static boolean isSuperUser(User user) { if (superUsers == null) { throw new IllegalStateException("Super users/super groups lists" - + " have not been initialized properly."); + + " haven't been initialized properly."); } if (superUsers.contains(user.getShortName())) { return true; } + for (String group : user.getGroupNames()) { if (superGroups.contains(group)) { return true; @@ -101,7 +102,7 @@ public final class Superusers { return false; } - public static Collection getSuperUsers() { + public static List getSuperUsers() { return superUsers; } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index f181747d0be..138a40e3111 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -34,7 +34,6 @@ import java.io.IOException; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.Collections; import java.util.List; @@ -1678,7 +1677,7 @@ public class TestAccessController extends SecureTestUtil { acl.close(); } - Collection superUsers = Superusers.getSuperUsers(); + List superUsers = Superusers.getSuperUsers(); List adminPerms = new ArrayList<>(superUsers.size() + 1); adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));
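Review bot: `getSuperUsers()` in `@@ -101,7 +102,7 @@` hands out the static `superUsers` list itself, so any caller can add or remove names and thereby change what `isSuperUser()` accepts. Narrowing the return type to `List` additionally exposes index-based mutation. Return a read-only view instead, `return Collections.unmodifiableList(superUsers);` (with `import java.util.Collections;`), and add a Javadoc line stating that the result is read-only and reflects the last `initialize()` call. The only caller visible in this diff, `TestAccessController`, reads `size()` and fills its own `adminPerms` list, so it would be unaffected.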