So it was working before you added the Ranger plugin and it stopped after you added the Ranger plugin? If so then I’d guess it is one of three things.
1. Your Ranger plugin is configured incorrectly. 2. Your Ranger server isn’t running. 3. Your Ranger policy for Knox isn’t allowing access to webhdfs. In all three of these cases you should probably follow up on the Ranger mailing lists since the Ranger plugin is developed there. From: Aneela Saleem Reply-To: "[email protected]<mailto:[email protected]>" Date: Monday, August 3, 2015 at 5:39 PM To: "[email protected]<mailto:[email protected]>" Subject: 403 Forbidden Error Hi experts, Actually i'm trying to add Knox plugin in Apache Ranger. But continuously failing to do so. After that my knox also stop working. When i run 'curl -i -k -u aneela:123 -X GET 'https://localhost:8443/gateway/cluster1/webhdfs/v1/?op=LISTSTATUS'' I get 403 forbidden error. Following are the logs from Knox. Can you please tell me why it's failing. (I'm sick of these errors 😧) 2015-08-04 02:25:03,778 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(110)) - Received request: GET /webhdfs/v1/?op=LISTSTATUS 2015-08-04 02:25:03,779 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:createToken(308)) - Attempting to execute login with headers [Basic YW5lZWxhOjEyMw==] 2015-08-04 02:25:03,779 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'aneela' through LDAP 2015-08-04 02:25:03,779 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldap://127.0.0.1<http://127.0.0.1/>] and principal [cn=admin,dc=platalytics,dc=com] with pooling enabled 2015-08-04 02:25:03,781 INFO hadoop.gateway (KnoxLdapRealm.java:getUserDn(546)) - Computed userDn: cn=aneela,ou=users,dc=platalytics,dc=com using ldapSearch for principal: aneela 2015-08-04 02:25:03,781 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldap://127.0.0.1<http://127.0.0.1/>] and principal [cn=aneela,ou=users,dc=platalytics,dc=com] with pooling disabled 2015-08-04 02:25:03,783 DEBUG realm.AuthenticatingRealm (AuthenticatingRealm.java:getAuthenticationInfo(569)) - Looked up AuthenticationInfo [aneela] from doGetAuthenticationInfo 2015-08-04 02:25:03,783 DEBUG realm.AuthenticatingRealm (AuthenticatingRealm.java:cacheAuthenticationInfoIfPossible(507)) - AuthenticationInfo caching is disabled for info [aneela]. Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - aneela, rememberMe=false (127.0.0.1)]. 2015-08-04 02:25:03,783 DEBUG credential.SimpleCredentialsMatcher (SimpleCredentialsMatcher.java:equals(95)) - Performing credentials equality check for tokenCredentials of type [org.apache.shiro.crypto.hash.SimpleHash and accountCredentials of type [org.apache.shiro.crypto.hash.SimpleHash] 2015-08-04 02:25:03,783 DEBUG credential.SimpleCredentialsMatcher (SimpleCredentialsMatcher.java:equals(101)) - Both credentials arguments can be easily converted to byte arrays. Performing array equals comparison 2015-08-04 02:25:03,784 DEBUG authc.AbstractAuthenticator (AbstractAuthenticator.java:authenticate(231)) - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - aneela, rememberMe=false (127.0.0.1)]. Returned account [aneela] 2015-08-04 02:25:03,784 DEBUG support.DefaultSubjectContext (DefaultSubjectContext.java:resolveSecurityManager(102)) - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2015-08-04 02:25:03,784 DEBUG support.DefaultSubjectContext (DefaultSubjectContext.java:resolveSecurityManager(102)) - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2015-08-04 02:25:03,784 DEBUG server.session (AbstractSession.java:<init>(84)) - new session & id awohlktq5nqh1a0j9ns3sjfhh awohlktq5nqh1a0j9ns3sjfhh 2015-08-04 02:25:03,785 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/cluster1; Max-Age=0; Expires=Sun, 02-Aug-2015 21:25:03 GMT] 2015-08-04 02:25:03,785 DEBUG mgt.AbstractRememberMeManager (AbstractRememberMeManager.java:onSuccessfulLogin(300)) - AuthenticationToken did not indicate RememberMe is requested. RememberMe functionality will not be executed for corresponding account. 2015-08-04 02:25:03,785 DEBUG realm.AuthorizingRealm (AuthorizingRealm.java:getAuthorizationCacheLazy(234)) - No authorizationCache instance set. Checking for a cacheManager... 2015-08-04 02:25:03,785 INFO realm.AuthorizingRealm (AuthorizingRealm.java:getAuthorizationCacheLazy(248)) - No cache or cacheManager properties have been set. Authorization cache cannot be obtained. 2015-08-04 02:25:03,787 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=264,b=1393,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=0/0 flushed=0/0 2015-08-04 02:25:03,787 DEBUG nio.ssl (SslConnection.java:wrap(462)) - [Session-1, SSL_NULL_WITH_NULL_NULL] wrap OK NOT_HANDSHAKING consumed=264 produced=301 2015-08-04 02:25:03,788 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=1393,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=0/0 flushed=301/0 2015-08-04 02:25:03,789 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=1393,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=0/0 flushed=0/0 2015-08-04 02:25:03,789 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=1393,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=0/0 flushed=0/0 2015-08-04 02:25:03,790 DEBUG nio.ssl (SslConnection.java:wrap(462)) - [Session-1, SSL_NULL_WITH_NULL_NULL] wrap OK NOT_HANDSHAKING consumed=1393 produced=1429 2015-08-04 02:25:03,791 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=0/0 flushed=1429/0 2015-08-04 02:25:03,792 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=37/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=37/37 flushed=0/0 2015-08-04 02:25:03,793 DEBUG nio.ssl (SslConnection.java:unwrap(538)) - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap CLOSED NEED_WRAP consumed=37 produced=0 2015-08-04 02:25:03,793 DEBUG nio.ssl (SslConnection.java:unwrap(582)) - unwrap CLOSE SslConnection@1ea9198e SSL NEED_WRAP i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} Status = CLOSED HandshakeStatus = NEED_WRAP bytesConsumed = 37 bytesProduced = 0 2015-08-04 02:25:03,794 DEBUG nio.ChannelEndPoint (ChannelEndPoint.java:shutdownChannelInput(118)) - ishut SCEP@1a2b830e{l(/127.0.0.1:38841<http://127.0.0.1:38841/>)<->r(/127.0.0.1:8443<http://127.0.0.1:8443/>),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{SslConnection@1ea9198e SSL NEED_WRAP i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1}} 2015-08-04 02:25:03,795 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NEED_WRAP i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NEED_WRAP filled=-1/0 flushed=0/0 2015-08-04 02:25:03,795 DEBUG nio.ssl (SslConnection.java:wrap(462)) - [Session-1, SSL_NULL_WITH_NULL_NULL] wrap CLOSED NOT_HANDSHAKING consumed=0 produced=37 2015-08-04 02:25:03,796 DEBUG nio.ssl (SslConnection.java:wrap(503)) - wrap CLOSE SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/37/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} Status = CLOSED HandshakeStatus = NOT_HANDSHAKING bytesConsumed = 0 bytesProduced = 37 2015-08-04 02:25:03,796 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=-1/0 flushed=37/0 2015-08-04 02:25:03,798 DEBUG nio.ChannelEndPoint (ChannelEndPoint.java:shutdownChannelOutput(157)) - oshut SCEP@1a2b830e{l(/127.0.0.1:38841<http://127.0.0.1:38841/>)<->r(/127.0.0.1:8443<http://127.0.0.1:8443/>),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1r}-{SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1}} 2015-08-04 02:25:03,799 DEBUG nio.ChannelEndPoint (ChannelEndPoint.java:close(209)) - close SCEP@1a2b830e{l(/127.0.0.1:38841<http://127.0.0.1:38841/>)<->r(/127.0.0.1:8443<http://127.0.0.1:8443/>),s=1,open=true,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1r}-{SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1}} 2015-08-04 02:25:03,799 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1} NOT_HANDSHAKING filled=-1/0 flushed=0/0 2015-08-04 02:25:03,800 DEBUG io.nio (SelectorManager.java:destroyEndPoint(851)) - destroyEndPoint SCEP@1a2b830e{l(null)<->r(0.0.0.0/0.0.0.0:8443<http://0.0.0.0/0.0.0.0:8443>),s=1,open=false,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1!}-{SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=2,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1}} 2015-08-04 02:25:03,800 DEBUG server.AbstractHttpConnection (AbstractHttpConnection.java:onClose(738)) - closed AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=-5,l=3,c=0},r=1 2015-08-04 02:25:03,800 DEBUG server.Server (Server.java:handle(367)) - RESPONSE /gateway/cluster1/webhdfs/v1/ 403 handled=true 2015-08-04 02:25:03,801 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=3,c=0},r=1} NOT_HANDSHAKING filled=-1/0 flushed=0/0 2015-08-04 02:25:03,801 DEBUG server.AsyncHttpConnection (AsyncHttpConnection.java:reset(211)) - Enabled read interest SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=3,c=0},r=1} 2015-08-04 02:25:03,802 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=-3},r=1} NOT_HANDSHAKING filled=-1/0 flushed=0/0 2015-08-04 02:25:03,802 DEBUG http.HttpParser (HttpParser.java:parseNext(281)) - filled -1/0 2015-08-04 02:25:03,802 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=1} NOT_HANDSHAKING filled=-1/0 flushed=0/0 2015-08-04 02:25:03,803 DEBUG server.AsyncHttpConnection (AsyncHttpConnection.java:handle(145)) - Disabled read interest while writing response SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=1} 2015-08-04 02:25:03,803 DEBUG nio.ssl (SslConnection.java:handle(203)) - [Session-1, SSL_NULL_WITH_NULL_NULL] handle SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=1} progress=true 2015-08-04 02:25:03,803 DEBUG nio.ssl (SslConnection.java:process(347)) - [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=1} NOT_HANDSHAKING filled=-1/0 flushed=0/0 2015-08-04 02:25:03,804 DEBUG server.AsyncHttpConnection (AsyncHttpConnection.java:handle(145)) - Disabled read interest while writing response SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=1} 2015-08-04 02:25:03,804 DEBUG nio.ssl (SslConnection.java:handle(203)) - [Session-1, SSL_NULL_WITH_NULL_NULL] handle SslConnection@1ea9198e SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@6fccc95b,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=1} progress=false
