[ https://issues.apache.org/jira/browse/RANGER-4300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rakesh Gupta updated RANGER-4300: --------------------------------- Attachment: 0002-RANGER-4300.patch > HBase shell revoke command failed with 'HTTP 400 Error: > processSecureRevokeRequest processing failed' > ----------------------------------------------------------------------------------------------------- > > Key: RANGER-4300 > URL: https://issues.apache.org/jira/browse/RANGER-4300 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Rakesh Gupta > Assignee: Rakesh Gupta > Priority: Major > Attachments: 0002-RANGER-4300.patch > > > HBase shell revoke command failed with 'HTTP 400 Error: > processSecureRevokeRequest processing failed' > {code:java} > hbase:001:0> revoke 'hrt_11' > ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: HTTP 400 > Error: processSecureRevokeRequest processing failed > at > org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1309) > at > org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1128) > at > org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1857) > at > org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1854) > at > org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithoutResult.callObserver(CoprocessorHost.java:558) > at > org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:631) > at > org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRevoke(MasterCoprocessorHost.java:1854) > at > org.apache.hadoop.hbase.master.MasterRpcServices.revoke(MasterRpcServices.java:2740) > at > org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java) > at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:387) > at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:139) > at > 
org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:369) > at > org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:349) > For usage try 'help "revoke"' > Took 1.3487 seconds > hbase:002:0> grant 'hrt_2', 'R' > Took 0.7979 seconds > hbase:003:0> grant 'hrt_11', 'R' > Took 0.9092 seconds > {code} > Error log from Ranger admin log > {code:java} > 2023-05-30 09:49:15,474 ERROR org.apache.ranger.rest.ServiceREST: > [https-jsse-nio-6182-exec-8]: processSecureRevokeRequest processing failed > 2023-05-30 09:49:15,475 ERROR org.apache.ranger.rest.ServiceREST: > [https-jsse-nio-6182-exec-8]: secureRevokeAccess(cm_hbase, > GrantRevokeRequest={grantor={hbase} grantorGroups={hbase } > resource={column-family=*; column=*; table=*; } users={hrt_11 } groups={} > accessTypes={read create admin write execute } delegateAdmin={true} > enableAudit={true} replaceExistingPermissions={true} isRecursive={false} > clientIPAddress={10.64.62.37} clientType={null} requestData={UserPermission: > user=hrt_11, [GlobalPermission: actions=]} sessionId={null} > clusterName={null} zoneName={null} }) failed > java.lang.Exception: processSecureRevokeRequest processing failed > at > org.apache.ranger.rest.ServiceREST.secureRevokeAccess(ServiceREST.java:1590) > [classes/:?] > at > org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke(<generated>) > [classes/:?] 
> at > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) > [spring-core-5.3.27.jar:5.3.27] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793) > [spring-aop-5.3.27.jar:5.3.27] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > [spring-aop-5.3.27.jar:5.3.27] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) > [spring-aop-5.3.27.jar:5.3.27] > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > [spring-tx-5.3.27.jar:5.3.27] > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388) > [spring-tx-5.3.27.jar:5.3.27] > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > [spring-tx-5.3.27.jar:5.3.27] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > [spring-aop-5.3.27.jar:5.3.27] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) > [spring-aop-5.3.27.jar:5.3.27] > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708) > [spring-aop-5.3.27.jar:5.3.27] > at > org.apache.ranger.rest.ServiceREST$$EnhancerBySpringCGLIB$$5d787cbb.secureRevokeAccess(<generated>) > [classes/:?] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] 
> at > com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) > [jersey-server-1.19.jar:1.19] > at > com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) > [jersey-bundle-1.19.3.jar:1.19.3] > at > com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558) > [jersey-bundle-1.19.3.jar:1.19.3] > at > 
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733) > [jersey-bundle-1.19.3.jar:1.19.3] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:582) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:212) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > [tomcat-embed-websocket-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:181) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter.doFilter(RangerSecurityContextFormationFilter.java:151) > [classes/:?] 
> at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > 
org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter$ServletFilterHttpInteraction.proceed(RangerCSRFPreventionFilter.java:237) > [classes/:?] > at > org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter.handleHttpInteraction(RangerCSRFPreventionFilter.java:179) > [classes/:?] > at > org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter.doFilter(RangerCSRFPreventionFilter.java:192) > [classes/:?] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:327) > [classes/:?] > at > org.apache.ranger.security.web.filter.RangerKrbFilter.doFilter(RangerKrbFilter.java:500) > [classes/:?] > at > org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:359) > [classes/:?] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.apache.ranger.security.web.filter.RangerJwtAuthWrapper.doFilter(RangerJwtAuthWrapper.java:95) > [classes/:?] 
> at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter.doFilter(RangerSSOAuthenticationFilter.java:269) > [classes/:?] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:166) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > [spring-web-5.3.27.jar:5.3.27] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) > [spring-security-web-5.7.8.jar:5.7.8] > at > 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > [spring-web-5.3.27.jar:5.3.27] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > [spring-web-5.3.27.jar:5.3.27] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.session.ForceEagerSessionCreationFilter.doFilterInternal(ForceEagerSessionCreationFilter.java:45) > 
[spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > [spring-web-5.3.27.jar:5.3.27] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) > [spring-web-5.3.27.jar:5.3.27] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) > [spring-security-web-5.7.8.jar:5.7.8] > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) > [spring-web-5.3.27.jar:5.3.27] > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) > [spring-web-5.3.27.jar:5.3.27] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:181) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:494) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:682) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:932) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1695) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > [tomcat-embed-core-8.5.86.jar:8.5.86] > at java.lang.Thread.run(Thread.java:834) [?:?] 
> {code}
> Steps to reproduce:
> Case 1:
> Grant access using the shell command.
> Revoke the access twice.
> Case 2:
> Grant access to user1 using the shell command.
> Revoke access from user2 using the shell command.
> Case 3:
> A Ranger policy is created at the Group/Role access level.
> Using the shell command, revoke access for a user who belongs to the Group/Role.
> Case 4:
> Grant access to a user with a table specified, using the shell command.
> Revoke access from the user without specifying a table, using the shell command.

--
This message was sent by Atlassian Jira (v8.20.10#820010)