dlmarion commented on code in PR #2994:
URL: https://github.com/apache/accumulo/pull/2994#discussion_r988937105
##########
server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java:
##########
@@ -308,6 +307,11 @@ private Map<String,String> conf(TCredentials credentials,
AccumuloConfiguration
@Override
public Map<String,String> getConfiguration(TInfo tinfo, TCredentials
credentials,
ConfigurationType type) throws TException {
+ if (!(security.isSystemUser(credentials) ||
security.hasSystemPermission(credentials,
+ credentials.getPrincipal(), SystemPermission.SYSTEM))) {
Review Comment:
I added a log statement in SecurityOperation.targetUserExists, this is
printed in the tserver log:
```
2022-10-06T11:47:52,320 [security.SecurityOperation] ERROR: User does not
exist.
java.lang.RuntimeException: null
at
org.apache.accumulo.server.security.SecurityOperation.targetUserExists(SecurityOperation.java:413)
~[classes/:?]
at
org.apache.accumulo.server.security.SecurityOperation._hasSystemPermission(SecurityOperation.java:325)
~[classes/:?]
at
org.apache.accumulo.server.security.SecurityOperation.hasSystemPermission(SecurityOperation.java:819)
~[classes/:?]
at
org.apache.accumulo.server.security.AuditedSecurityOperation.hasSystemPermission(AuditedSecurityOperation.java:675)
~[classes/:?]
at
org.apache.accumulo.server.client.ClientServiceHandler.getConfiguration(ClientServiceHandler.java:310)
~[classes/:?]
```
I don't know enough about this area of the code to understand why this is
being thrown. SecurityOperation.hasSystemPermission calls
`casAskAboutOtherUsers` which authenticates the user, but then it calls
_hasSystemPermission which ends up throwing the error that the user doesn't
exist.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
