[jira] [Updated] (HBASE-25441) add security check for some APIs in RSRpcServices

Sat, 26 Dec 2020 03:18:04 -0800 


     [ 
https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HBASE-25441:
--------------------------
    Description: 
getLogEntries

clearSlowLogsResponses

stopServer

 

Actually, "stopServer" has "preStop" check in its callee "stop", but "stop" 
will not throw any exception due to below code:
{code:java}
catch (IOException ioe) {
          if (!force) {
            LOG.warn("The region server did not stop", ioe);
            return;
          }
          LOG.warn("Skipping coprocessor exception on preStop() due to forced 
shutdown", ioe);
  }
{code}
So client who call stopServer will not know whether his request is successful 
or not. Here we add rpcPreCheck("stopServer"); can make client clearly see the 
message:

ERROR RuntimeError: org.apache.hadoop.hbase.security.AccessDeniedException: 
Insufficient permissions for user 'user1' (global, action=ADMIN)

  was:
getLogEntries

clearSlowLogsResponses

stopServer

 

Actually, "stopServer" has "preStop" check in its callee "stop", but "stop" 
will not throw any exception due to below code:
{code:java}
catch (IOException ioe) {
          if (!force) {
            LOG.warn("The region server did not stop", ioe);
            return;
          }
          LOG.warn("Skipping coprocessor exception on preStop() due to forced 
shutdown", ioe);
  }
{code}
So client who call stopServer will not knwo whether his request is whether it 
is successful or not. Here we add 


> add security check for some APIs in RSRpcServices
> -------------------------------------------------
>
>                 Key: HBASE-25441
>                 URL: https://issues.apache.org/jira/browse/HBASE-25441
>             Project: HBase
>          Issue Type: Bug
>            Reporter: lujie
>            Priority: Critical
>
> getLogEntries
> clearSlowLogsResponses
> stopServer
>  
> Actually, "stopServer" has "preStop" check in its callee "stop", but "stop" 
> will not throw any exception due to below code:
> {code:java}
> catch (IOException ioe) {
>           if (!force) {
>             LOG.warn("The region server did not stop", ioe);
>             return;
>           }
>           LOG.warn("Skipping coprocessor exception on preStop() due to forced 
> shutdown", ioe);
>   }
> {code}
> So client who call stopServer will not know whether his request is successful 
> or not. Here we add rpcPreCheck("stopServer"); can make client clearly see 
> the message:
> ERROR RuntimeError: org.apache.hadoop.hbase.security.AccessDeniedException: 
> Insufficient permissions for user 'user1' (global, action=ADMIN)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to