HADOOP-11404. Clarify the "expected client Kerberos principal is null" authorization message. Contributed by Stephen Chu

(cherry picked from commit 318c9b68b0)
This commit is contained in:
Harsh J 2016-03-10 17:05:09 +05:30
parent 95d30a6ec6
commit 2e32aa5475
1 changed files with 7 additions and 5 deletions

View File

@ -116,11 +116,13 @@ public class ServiceAuthorizationManager {
}
if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||
acls.length != 2 || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
+ ", expected client Kerberos principal is " + clientPrincipal);
String cause = clientPrincipal != null ?
": this service is only accessible by " + clientPrincipal :
": denied by configured ACL";
AUDITLOG.warn(AUTHZ_FAILED_FOR + user
+ " for protocol=" + protocol + cause);
throw new AuthorizationException("User " + user +
" is not authorized for protocol " + protocol +
", expected client Kerberos principal is " + clientPrincipal);
" is not authorized for protocol " + protocol + cause);
}
if (addr != null) {
String hostAddress = addr.getHostAddress();