[jira] [Commented] (PHOENIX-2817) Phoenix-Spark plugin doesn't work in secured env

Josh Mahonin (JIRA) Mon, 04 Apr 2016 16:47:12 -0700

    [ 
https://issues.apache.org/jira/browse/PHOENIX-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225298#comment-15225298
 ]


Josh Mahonin commented on PHOENIX-2817:
---------------------------------------

In PhoenixRDD.scala, you likely want to check if the Option returned by 
getZookeeperUrl 'isEmpty' instead of '== null'.

{noformat}
if(ConfigurationUtil.getZookeeperURL(config).isEmpty) {
{noformat}

As well, I don't believe the 'concat()' function is null-safe. I tried this and 
got an NPE:
{noformat}
val foo: String = null
val bar: String = ""
def concat (str: String*) = str filter (_.nonEmpty) mkString ":"
concat(foo, bar)
{noformat}

An alternative would be to wrap each conf.get() in an Option (since 
Option(null) == None), then flatten the list to remove the Nones, for something 
like this:

{noformat}
  def getZookeeperURL(conf: Configuration): Option[String] = {
      List(
        Option(conf.get(HConstants.ZOOKEEPER_QUORUM)),
        Option(conf.get(HConstants.ZOOKEEPER_CLIENT_PORT)),
        Option(conf.get(HConstants.ZOOKEEPER_ZNODE_PARENT))
      ).flatten match {
        case Nil => None
        case x: List[String] => Some(x.mkString(":"))
      }
  }
{noformat}

That's not necessarily ideal either, since someone could end up with a weird 
url like "2181:/hbase", but it's probably an unlikely scenario. FWIW, I don't 
think you need to update the wording in the exception to include all 3 
parameters.

> Phoenix-Spark plugin doesn't work in secured env
> ------------------------------------------------
>
>                 Key: PHOENIX-2817
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-2817
>             Project: Phoenix
>          Issue Type: Bug
>    Affects Versions: 4.4.0, 4.7.0
>            Reporter: Sergey Soldatov
>            Assignee: Sergey Soldatov
>         Attachments: PHOENIX-2817-1.patch, PHOENIX-2817-2.patch
>
>
> When phoenix spark plugin is used with secured setup any attempt to perform 
> operation with PhoenixRDD cause an exception : 
> {noformat}
> Caused by: java.io.IOException: Login failure for 2181 from keytab /hbase: 
> javax.security.auth.login.LoginException: Unable to obtain password from user
>       at 
> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
>       at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:275)
>       at 
> org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
>       at org.apache.hadoop.hbase.security.User.login(User.java:253)
>       at 
> org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
>       ... 107 more
> Caused by: javax.security.auth.login.LoginException: Unable to obtain 
> password from user
>       at 
> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
>       at 
> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
>       at 
> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:497)
>       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
>       at 
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>       at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
>       at 
> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
>       ... 111 more
> {noformat}
> The reason is the how zkUrl is handled in PhoenixRDD: 
> {noformat}
> config.set(HConstants.ZOOKEEPER_QUORUM, url )
> {noformat}
> At the same time the {{ConnectionUtil.getInputConnection}} expects to see all 
> parameters (quorum address, port, znodeParent) in different Configuration 
> properties. As the result it gets default values for port and znodeParent and 
> adds it to the provided url, so the {{PhoenixEmbededDriver.create}} receives 
> something like that:
> {noformat}
> jdbc:phoenix:quorum:2181:/hbase-secure:2181:/hbase
> {noformat}
> and consider 2 fields as kerberos principal and keytab.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (PHOENIX-2817) Phoenix-Spark plugin doesn't work in secured env

Reply via email to