[jira] [Commented] (RANGER-2538) Ranger policy import calls via knox trusted proxy failing

Sat, 17 Aug 2019 14:30:04 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16909830#comment-16909830
 ] 

Sailaja Polavarapu commented on RANGER-2538:
--------------------------------------------

Request /response flow between Knox and Ranger with kerberos authentication 
supposed to be as follows:
 # Knox sends unauthenticated request (with 100-expect)
 # Ranger replies with 401 for authentication (and Connection: close)
 # Knox sends the authentication with Negotiate header, authentication 
succeeded and now Knox retries sending the payload

But with tomcat sever (which is what Ranger uses), at step #2, tomcat sends 
back 100-continue header before ranger web filter reacts with 401. When Knox 
receives 100-continue, it starts pumping data immediately and the 401 sent by 
the ranger web filter layer is lost. So at some point the connection is closed 
according to ranger and hence the broken pipe error.

In order to fix this, I added code in ranger web filter to wait till all the 
data is received and then respond with 401. That way knox can re-open the 
connection and send the negotiate header with the data.

 

> Ranger policy import calls via knox trusted proxy failing
> ---------------------------------------------------------
>
>                 Key: RANGER-2538
>                 URL: https://issues.apache.org/jira/browse/RANGER-2538
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>            Priority: Major
>
> Posting large data through knox TP is causing the following exception in knox:
> java.net.SocketException: Broken pipe (Write failed) 
> java.net.SocketException: Broken pipe (Write failed) at 
> java.net.SocketOutputStream.socketWrite0(Native Method) at 
> java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111) at 
> java.net.SocketOutputStream.write(SocketOutputStream.java:155) at 
> org.apache.http.impl.io.SessionOutputBufferImpl.streamWrite(SessionOutputBufferImpl.java:124)
>  at 
> org.apache.http.impl.io.SessionOutputBufferImpl.flushBuffer(SessionOutputBufferImpl.java:136)
>  at 
> org.apache.http.impl.io.SessionOutputBufferImpl.write(SessionOutputBufferImpl.java:167)
>  at 
> org.apache.http.impl.io.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:122)
>  at 
> org.apache.http.impl.io.ChunkedOutputStream.write(ChunkedOutputStream.java:179)
>  at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2315) at 
> org.apache.commons.io.IOUtils.copy(IOUtils.java:2270) at 
> org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2291)



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Reply via email to