[ 
https://issues.apache.org/jira/browse/RANGER-2853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

gaozhan ding updated RANGER-2853:
---------------------------------
    Description: 
We use ranger with kerberos. When enable ranger-kms for hdfs encryption, we got 
an error from ranger admin web ui. On the premise that all configurations have 
been completed, I can not list keys in ranger admin, errors are as follows: 
Unauthenticated : Please check the permission in the policy for the user. 
{panel:title=logs in ranger admin:}
XXXX-XX-XX 13:09:39,164 [http-bio-6182-exec-10] INFO 
org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request 
failed. loginId=keyadmin, logMessage=Unauthenticated : Please check the 
permission in the policy for the user
 javax.ws.rs.WebApplicationException
 at 
org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
 at 
org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:325)
 at org.apache.ranger.rest.XKeyREST.handleError(XKeyREST.java:215)
 at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:87)
 at 
org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke(<generated>)

......
{panel}
I studied the problem and found that this problem have nothing to do with 
authentication, it is an exception caused by NPE. I try print that exception:
{panel:title=NPE}
XXXX-XX-XX 07:16:42,615 [http-bio-6182-exec-2] ERROR 
org.apache.ranger.biz.KmsKeyMgr (KmsKeyMgr.java:176) - test_for_ranger:
 java.lang.NullPointerException
 at 
org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:395)
 at org.apache.hadoop.security.User.<init>(User.java:48)
 at 
org.apache.hadoop.security.SecureClientLogin.loginUserFromKeytab(SecureClientLogin.java:66)
 at org.apache.ranger.biz.KmsKeyMgr.getSubjectForKerberos(KmsKeyMgr.java:574)
 at org.apache.ranger.biz.KmsKeyMgr.searchKeys(KmsKeyMgr.java:152)
 at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:85)
 at 
org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke(<generated>)
 at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
 at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
 at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
 at 
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69)
 at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
 at 
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
 at 
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
 at 
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
 at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
 at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
 at 
org.apache.ranger.rest.XKeyREST$$EnhancerBySpringCGLIB$$5010f39f.searchKeys(<generated>)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at 
com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
 at 
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
 at 
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
 at 
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
 at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
 at 
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
 at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
 at 
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)

......
{panel}
  !image.png!

  was:
We use ranger with kerberos. When enable ranger-kms for hdfs encryption, we got 
an error from ranger admin web ui. On the premise that all configurations have 
been completed, I can not list keys in ranger admin, errors are as follows: 
Unauthenticated : Please check the permission in the policy for the user. 
{panel:title=logs in ranger admin:}
XXXX-XX-XX 13:09:39,164 [http-bio-6182-exec-10] INFO 
org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request 
failed. loginId=keyadmin, logMessage=Unauthenticated : Please check the 
permission in the policy for the user
 javax.ws.rs.WebApplicationException
 at 
org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
 at 
org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:325)
 at org.apache.ranger.rest.XKeyREST.handleError(XKeyREST.java:215)
 at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:87)
 at 
org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke(<generated>)

......
{panel}
I studied the problem and found that this problem have nothing to do with 
authentication, it is an exception caused by NPE. I try print that exception:
{panel:title=NPE}
XXXX-XX-XX 07:16:42,615 [http-bio-6182-exec-2] ERROR 
org.apache.ranger.biz.KmsKeyMgr (KmsKeyMgr.java:176) - test_for_ranger:
 java.lang.NullPointerException
 at 
org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:395)
 at org.apache.hadoop.security.User.<init>(User.java:48)
 at 
org.apache.hadoop.security.SecureClientLogin.loginUserFromKeytab(SecureClientLogin.java:66)
 at org.apache.ranger.biz.KmsKeyMgr.getSubjectForKerberos(KmsKeyMgr.java:574)
 at org.apache.ranger.biz.KmsKeyMgr.searchKeys(KmsKeyMgr.java:152)
 at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:85)
 at 
org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke(<generated>)
 at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
 at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
 at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
 at 
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69)
 at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
 at 
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
 at 
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
 at 
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
 at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
 at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
 at 
org.apache.ranger.rest.XKeyREST$$EnhancerBySpringCGLIB$$5010f39f.searchKeys(<generated>)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at 
com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
 at 
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
 at 
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
 at 
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
 at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
 at 
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
 at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
 at 
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
 at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)

......
{panel}
 


> "Unauthenticated : Please check the permission in the policy for the user": 
> An NPE in ranger admin when enable kms.
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2853
>                 URL: https://issues.apache.org/jira/browse/RANGER-2853
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 1.2.0
>            Reporter: gaozhan ding
>            Priority: Major
>         Attachments: image.png
>
>
> We use ranger with kerberos. When enable ranger-kms for hdfs encryption, we 
> got an error from ranger admin web ui. On the premise that all configurations 
> have been completed, I can not list keys in ranger admin, errors are as 
> follows: Unauthenticated : Please check the permission in the policy for the 
> user. 
> {panel:title=logs in ranger admin:}
> XXXX-XX-XX 13:09:39,164 [http-bio-6182-exec-10] INFO 
> org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request 
> failed. loginId=keyadmin, logMessage=Unauthenticated : Please check the 
> permission in the policy for the user
>  javax.ws.rs.WebApplicationException
>  at 
> org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
>  at 
> org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:325)
>  at org.apache.ranger.rest.XKeyREST.handleError(XKeyREST.java:215)
>  at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:87)
>  at 
> org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke(<generated>)
> ......
> {panel}
> I studied the problem and found that this problem have nothing to do with 
> authentication, it is an exception caused by NPE. I try print that exception:
> {panel:title=NPE}
> XXXX-XX-XX 07:16:42,615 [http-bio-6182-exec-2] ERROR 
> org.apache.ranger.biz.KmsKeyMgr (KmsKeyMgr.java:176) - test_for_ranger:
>  java.lang.NullPointerException
>  at 
> org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:395)
>  at org.apache.hadoop.security.User.<init>(User.java:48)
>  at 
> org.apache.hadoop.security.SecureClientLogin.loginUserFromKeytab(SecureClientLogin.java:66)
>  at org.apache.ranger.biz.KmsKeyMgr.getSubjectForKerberos(KmsKeyMgr.java:574)
>  at org.apache.ranger.biz.KmsKeyMgr.searchKeys(KmsKeyMgr.java:152)
>  at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:85)
>  at 
> org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke(<generated>)
>  at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>  at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
>  at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>  at 
> org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69)
>  at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>  at 
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>  at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>  at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>  at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>  at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
>  at 
> org.apache.ranger.rest.XKeyREST$$EnhancerBySpringCGLIB$$5010f39f.searchKeys(<generated>)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>  at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498)
>  at 
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>  at 
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>  at 
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>  at 
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>  at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>  at 
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>  at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>  at 
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>  at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>  at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>  at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>  at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
> ......
> {panel}
>   !image.png!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to