[jira] [Comment Edited] (FALCON-326) Falcon not returning ProxyOozieClient for Simple Authentication

Sun, 02 Mar 2014 22:31:26 -0800 

    [ 
https://issues.apache.org/jira/browse/FALCON-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13917768#comment-13917768
 ] 

Samarth Gupta edited comment on FALCON-326 at 3/3/14 6:28 AM:
--------------------------------------------------------------

updated oozie-site.xml with changes suggested by [~svenkat]

i have used the setting "${user.name}"  , do i need to replace it with some 
specific hardcocded user name like "samarth" , "oozie" , "falcon"  etc .....
If this value is expected to be hardcoded and be equal to the used who is 
submitting the job, it will be very difficult for us at inmobi, since we have 
lot of different users submitting jobs. 


was (Author: samarthg):
updated oozie-site.xml with changes suggested by [~svenkat]

> Falcon not returning ProxyOozieClient for Simple Authentication 
> ----------------------------------------------------------------
>
>                 Key: FALCON-326
>                 URL: https://issues.apache.org/jira/browse/FALCON-326
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: QA InMobi 
>            Reporter: Samarth Gupta
>            Assignee: Srikanth Sundarrajan
>            Priority: Blocker
>         Attachments: oozie-site.xml
>
>
> After the security patch been merged as per JIRA 
> https://issues.apache.org/jira/browse/FALCON-16
> Changes are not backward compatible since same setup worked perfectly fine 
> with old falcon builds before security patch. 
> all submit / schedule request are failing in distributed mode, when falcon is 
> being started with default "*.falcon.http.authentication.type=simple" 
> The reason being falcon returns ProxyOozieClient for both simple and kerberos 
> mode. 
> error on submit entity :
> {code}
> 2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-] 
> APP[-] JOB[-] ACTION[-] URL[GET 
> http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth]
>  error, User [samarth] not defined as proxyuser
> java.security.AccessControlException: User [samarth] not defined as proxyuser
>        at 
> org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148)
>        at 
> org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553)
>        at 
> org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>        at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>        at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126)
>        at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
>        at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131)
>        at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at 
> org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84)
>        at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>        at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>        at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>        at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>        at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>        at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>        at 
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>        at 
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>        at 
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>        at java.lang.Thread.run(Thread.java:701)
> {code}
> even if we bypass the above error by hardcoding the remote user, following 
> error comes in schedule:
> {code}
> 014-02-28 12:24:23,323 ERROR - 
> [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
>  b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason 
> (FalconWebException:39)
> org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth] 
> not defined as proxyuser
>        at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208)
>        at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234)
>        at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227)
>        at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107)
>        at 
> org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68)
>        at 
> org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57)
>        at 
> org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at 
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>        at 
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>        at 
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>        at 
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
>        at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>        at 
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>        at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>        at 
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>        at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
>        at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
>        at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
>        at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
>        at 
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
>        at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
>        at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>        at 
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
>        at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
>        at 
> org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156)
>        at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
>        at 
> org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
>        at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
>        at 
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
>        at 
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>        at 
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
>        at 
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
>        at 
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
>        at 
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>        at org.mortbay.jetty.Server.handle(Server.java:326)
>        at 
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
>        at 
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
>        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
>        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
>        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
>        at 
> org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
>        at 
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
>        at 
> org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559)
>        at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193)
>        ... 46 more
> Caused by: E1400 : User [samarth] not defined as proxyuser
>        at 
> org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508)
>        at 
> org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186)
>        at 
> org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165)
>        at 
> org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479)
>        at 
> org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518)
>        at 
> org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48)
>        at 
> org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555)
>        at 
> org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553)
>        at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
>        at 
> org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553)
>        ... 47 more
> 2014-02-28 12:24:23,325 ERROR - 
> [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
>  b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request
> Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> (FalconWebException:58)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to