[ https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yutong Xiao updated HBASE-25543: -------------------------------- Description: In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1), ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to false, the method authorizeConnection() will be invoked whatever the boolean authorize is true or false. {code:java} if (!authorizeConnection()) { // Throw FatalConnectionException wrapping ACE so client does right thing and closes // down the connection instead of trying to read non-existent retun. throw new AccessDeniedException("Connection from " + this + " for service " + connectionHeader.getServiceName() + " is unauthorized for user: " + ugi); } {code} If boolean authorize is false, authorizeConnection should not be invoked here. was:In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1), ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to false, the method authorizeConnection() will be invoked whatever the boolean authorize is true or false. > When configuration "hadoop.security.authorization" is set to false, the > system will still try to authorize an RPC and raise AccessDeniedException > -------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: HBASE-25543 > URL: https://issues.apache.org/jira/browse/HBASE-25543 > Project: HBase > Issue Type: Bug > Components: IPC/RPC > Reporter: Yutong Xiao > Priority: Minor > > In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1), > ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to > false, the method authorizeConnection() will be invoked whatever the boolean > authorize is true or false. > {code:java} > if (!authorizeConnection()) { > // Throw FatalConnectionException wrapping ACE so client does right thing > and closes > // down the connection instead of trying to read non-existent retun. > throw new AccessDeniedException("Connection from " + this + " for service " > + > connectionHeader.getServiceName() + " is unauthorized for user: " + ugi); > } > {code} > If boolean authorize is false, authorizeConnection should not be invoked here. -- This message was sent by Atlassian Jira (v8.3.4#803005)