[
https://issues.apache.org/jira/browse/FALCON-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13917092#comment-13917092
]
Srikanth Sundarrajan commented on FALCON-326:
---------------------------------------------
It should be fairly straight forward to make this backward compatible and save
the trouble when migration happens. I will provide the patch for this issue
shortly.
> Falcon not returning ProxyOozieClient for Simple Authentication
> ----------------------------------------------------------------
>
> Key: FALCON-326
> URL: https://issues.apache.org/jira/browse/FALCON-326
> Project: Falcon
> Issue Type: Bug
> Components: common
> Environment: QA InMobi
> Reporter: Samarth Gupta
> Assignee: Srikanth Sundarrajan
> Priority: Blocker
>
> After the security patch been merged as per JIRA
> https://issues.apache.org/jira/browse/FALCON-16
> Changes are not backward compatible since same setup worked perfectly fine
> with old falcon builds before security patch.
> all submit / schedule request are failing in distributed mode, when falcon is
> being started with default "*.falcon.http.authentication.type=simple"
> The reason being falcon returns ProxyOozieClient for both simple and kerberos
> mode.
> error on submit entity :
> {code}
> 2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-]
> APP[-] JOB[-] ACTION[-] URL[GET
> http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth]
> error, User [samarth] not defined as proxyuser
> java.security.AccessControlException: User [samarth] not defined as proxyuser
> at
> org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148)
> at
> org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553)
> at
> org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
> at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:701)
> {code}
> even if we bypass the above error by hardcoding the remote user, following
> error comes in schedule:
> {code}
> 014-02-28 12:24:23,323 ERROR -
> [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
> b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason
> (FalconWebException:39)
> org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth]
> not defined as proxyuser
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107)
> at
> org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68)
> at
> org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57)
> at
> org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
> at
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
> at
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> at
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
> at
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
> at
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
> at
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
> at
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
> at
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
> at
> org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
> at
> org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at
> org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> at
> org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193)
> ... 46 more
> Caused by: E1400 : User [samarth] not defined as proxyuser
> at
> org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508)
> at
> org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186)
> at
> org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165)
> at
> org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479)
> at
> org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518)
> at
> org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48)
> at
> org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555)
> at
> org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553)
> at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
> at
> org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553)
> ... 47 more
> 2014-02-28 12:24:23,325 ERROR -
> [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
> b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request
> Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> (FalconWebException:58)
> {code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
