[jira] [Commented] (HADOOP-16094) AuthenticationFilter can trigger NullPointerException in KerberosName class

Tue, 05 Feb 2019 13:15:12 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16761227#comment-16761227
 ] 

Eric Yang commented on HADOOP-16094:
------------------------------------

Hadoop-auth project builds before Hadoop-common, yet AuthenticationFilter 
depends on UserGroupInformation to implicitly initialize KerberosName.rules to 
work properly.  Hence, project that uses AuthenticationFilter must carefully 
initialize UserGroupInformation.initialize(conf, true) to side step NPE 
problem.  It is best to document this caveats in AuthenticationFilter 
documentation, or merge Hadoop auth and Hadoop common projects to avoid the 
inconvenience of circular dependencies.

> AuthenticationFilter can trigger NullPointerException in KerberosName class
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-16094
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16094
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.2.0, 3.3.0, 3.1.2
>            Reporter: Eric Yang
>            Priority: Major
>
> Hadoop AuthenticationFilter example can fail with NullPointerException if 
> auth_to_local rules has not been parsed from Configuration object.  This can 
> happen if the web application does not have any initialization code that 
> leads to triggering: UserGroupInformation.initialize(conf, boolean);
> Stacktrace:
> {code}
> 2019-02-05 20:08:05,668 [http-bio-8080-exec-11] DEBUG 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter- 
> Authentication exception: java.lang.NullPointerException
> org.apache.hadoop.security.authentication.client.AuthenticationException: 
> java.lang.NullPointerException
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:315)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:536)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>       at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>       at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>       at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>       at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>       at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>       at 
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>       at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>       at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>       at 
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
>       at 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>       at 
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>       at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>       at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.NullPointerException
>       at 
> org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:422)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.runWithPrincipal(KerberosAuthenticationHandler.java:352)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.access$000(KerberosAuthenticationHandler.java:64)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:304)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:301)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:422)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:300)
>       ... 18 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to