[ https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17277064#comment-17277064 ]
Viraj Jasani commented on HBASE-25543: -------------------------------------- Thanks for your interest [~xytss123], I have provided you with contributor access on Jira. Going forward, you can assign Jiras to yourself. > When configuration "hadoop.security.authorization" is set to false, the > system will still try to authorize an RPC and raise AccessDeniedException > -------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: HBASE-25543 > URL: https://issues.apache.org/jira/browse/HBASE-25543 > Project: HBase > Issue Type: Bug > Components: IPC/RPC > Reporter: Yutong Xiao > Assignee: Yutong Xiao > Priority: Minor > > In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1), > ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to > false, the method authorizeConnection() will be invoked whatever the boolean > authorize is true or false. > {code:java} > if (!authorizeConnection()) { > // Throw FatalConnectionException wrapping ACE so client does right thing > and closes > // down the connection instead of trying to read non-existent retun. > throw new AccessDeniedException("Connection from " + this + " for service " > + > connectionHeader.getServiceName() + " is unauthorized for user: " + ugi); > } > {code} > In method authorizeConnection() > {code:java} > if (ugi != null && ugi.getRealUser() != null > && (authMethod != AuthMethod.DIGEST)) { > ProxyUsers.authorize(ugi, this.getHostAddress(), conf); > }{code} > ProxyUsers.authorize() will raise AuthorizationException. -- This message was sent by Atlassian Jira (v8.3.4#803005)