[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17281131#comment-17281131
]
Hudson commented on HBASE-25543:
Results for branch branch-1
[build #82 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/82/]:
(x) *{color:red}-1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/82//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk7 checks{color}
-- For more information [see jdk7
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/82//JDK7_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/82//JDK8_Nightly_Build_Report_(Hadoop2)/]
(x) {color:red}-1 source release artifact{color}
-- See build output for details.
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
> Fix For: 3.0.0-alpha-1, 1.7.0, 2.2.7, 2.5.0, 2.3.5, 2.4.2
>
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17280256#comment-17280256
]
Hudson commented on HBASE-25543:
Results for branch branch-2
[build #171 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/171/]:
(x) *{color:red}-1 overall{color}*
details (if available):
(x) {color:red}-1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/171/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/171/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/171/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/171/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
> Fix For: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.2
>
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17280246#comment-17280246
]
Hudson commented on HBASE-25543:
Results for branch branch-2.3
[build #164 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/164/]:
(/) *{color:green}+1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/164/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/164/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/164/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/164/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
> Fix For: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.2
>
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17280177#comment-17280177
]
Hudson commented on HBASE-25543:
Results for branch master
[build #204 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/204/]:
(/) *{color:green}+1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/204/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/204/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/204/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
> Fix For: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.2
>
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17280054#comment-17280054
]
Hudson commented on HBASE-25543:
Results for branch branch-2.4
[build #46 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/46/]:
(/) *{color:green}+1 overall{color}*
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/46/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/46/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/46/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/46/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
> Fix For: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.2
>
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17280019#comment-17280019
]
Hudson commented on HBASE-25543:
Results for branch branch-2.2
[build #165 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/165/]:
(x) *{color:red}-1 overall{color}*
details (if available):
(x) {color:red}-1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/165//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/165//JDK8_Nightly_Build_Report_(Hadoop2)/]
(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/165//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
> Fix For: 3.0.0-alpha-1, 2.2.7, 2.5.0, 2.3.5, 2.4.2
>
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17279808#comment-17279808
]
Viraj Jasani commented on HBASE-25543:
--
Let me close this Jira, and once you open PR for branch-1, I will reopen this
while merging it. Once done, will mark resolved again.
[~reidchan] since 2.2.7 is going to happen soon, just wanted to keep fixVersion
in sync with commits.
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17279806#comment-17279806
]
Viraj Jasani commented on HBASE-25543:
--
[~xytss123] I have merged branch-2 PR to all active branch-2.x. Can you please
also raise PR for branch-1? Once done, we can close this Jira.
Thanks
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17279429#comment-17279429
]
Reid Chan commented on HBASE-25543:
---
Nice catch [~xytss123] , please also provide PRs for branch-1 and branch-2.
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HBASE-25543) When configuration "hadoop.security.authorization" is set to false, the system will still try to authorize an RPC and raise AccessDeniedException
[
https://issues.apache.org/jira/browse/HBASE-25543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17277064#comment-17277064
]
Viraj Jasani commented on HBASE-25543:
--
Thanks for your interest [~xytss123], I have provided you with contributor
access on Jira. Going forward, you can assign Jiras to yourself.
> When configuration "hadoop.security.authorization" is set to false, the
> system will still try to authorize an RPC and raise AccessDeniedException
> --
>
> Key: HBASE-25543
> URL: https://issues.apache.org/jira/browse/HBASE-25543
> Project: HBase
> Issue Type: Bug
> Components: IPC/RPC
>Reporter: Yutong Xiao
>Assignee: Yutong Xiao
>Priority: Minor
>
> In method processOneRpc(Bytebuffer buf) in RpcServer.java (branch-1),
> ServerRpcConnection.java (branch-2, master), if connectionHeadRead is set to
> false, the method authorizeConnection() will be invoked whatever the boolean
> authorize is true or false.
> {code:java}
> if (!authorizeConnection()) {
> // Throw FatalConnectionException wrapping ACE so client does right thing
> and closes
> // down the connection instead of trying to read non-existent retun.
> throw new AccessDeniedException("Connection from " + this + " for service "
> +
> connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);
> }
> {code}
> In method authorizeConnection()
> {code:java}
> if (ugi != null && ugi.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(ugi, this.getHostAddress(), conf);
> }{code}
> ProxyUsers.authorize() will raise AuthorizationException.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
