Repository: hive Updated Branches: refs/heads/master b7b5cb472 -> 489b37a54
HIVE-14898: HS2 shouldn't log callstack for an empty auth header error Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/489b37a5 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/489b37a5 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/489b37a5 Branch: refs/heads/master Commit: 489b37a545b383e883aa37f80ed10cfd8d213dee Parents: b7b5cb4 Author: Daniel Dai <dai...@gmail.com> Authored: Wed Aug 15 15:36:44 2018 -0700 Committer: Daniel Dai <dai...@gmail.com> Committed: Wed Aug 15 15:36:44 2018 -0700 ---------------------------------------------------------------------- .../ldap/HttpEmptyAuthenticationException.java | 23 ++++++++++++++++++++ .../service/cli/thrift/ThriftHttpServlet.java | 12 ++++++++-- 2 files changed, 33 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/489b37a5/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java ---------------------------------------------------------------------- diff --git a/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java new file mode 100644 index 0000000..b6b71bc --- /dev/null +++ b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java @@ -0,0 +1,23 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hive.service.auth.ldap; + +import org.apache.hive.service.auth.HttpAuthenticationException; + +public class HttpEmptyAuthenticationException extends HttpAuthenticationException { + + public HttpEmptyAuthenticationException(String msg) { + super(msg); + } +} http://git-wip-us.apache.org/repos/asf/hive/blob/489b37a5/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java ---------------------------------------------------------------------- diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index 70ffa3c..ffc5ef4 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -53,6 +53,7 @@ import org.apache.hive.service.auth.HiveAuthFactory; import org.apache.hive.service.auth.HttpAuthUtils; import org.apache.hive.service.auth.HttpAuthenticationException; import org.apache.hive.service.auth.PasswdAuthenticationProvider; +import org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException; import org.apache.hive.service.cli.HiveSQLException; import org.apache.hive.service.cli.session.SessionManager; import org.apache.thrift.TProcessor; @@ -207,7 +208,11 @@ public class ThriftHttpServlet extends TServlet { super.doPost(request, response); } catch (HttpAuthenticationException e) { - LOG.error("Error: ", e); + // Ignore HttpEmptyAuthenticationException, it is normal for knox + // to send a request with empty header + if (!(e instanceof HttpEmptyAuthenticationException)) { + LOG.error("Error: ", e); + } // Send a 401 to the client response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if(isKerberosAuthMode(authType)) { @@ -404,6 +409,9 @@ public class ThriftHttpServlet extends TServlet { try { return serviceUGI.doAs(new HttpKerberosServerAction(request, serviceUGI)); } catch (Exception e) { + if (e.getCause() instanceof HttpEmptyAuthenticationException) { + throw (HttpEmptyAuthenticationException)e.getCause(); + } LOG.error("Failed to authenticate with hive/_HOST kerberos principal"); throw new HttpAuthenticationException(e); } @@ -546,7 +554,7 @@ public class ThriftHttpServlet extends TServlet { String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION); // Each http request must have an Authorization header if (authHeader == null || authHeader.isEmpty()) { - throw new HttpAuthenticationException("Authorization header received " + + throw new HttpEmptyAuthenticationException("Authorization header received " + "from the client is empty."); }
