HADOOP-17392. Remote exception messages should not include the exception class (#2486). Contributed by Daryn Sharp and Ahmed Hussein
This commit is contained in:
parent
9170eb566b
commit
f94e927bfb
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
package org.apache.hadoop.ipc;
|
package org.apache.hadoop.ipc;
|
||||||
|
|
||||||
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
|
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
|
||||||
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
|
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
|
||||||
import org.apache.hadoop.thirdparty.com.google.common.util.concurrent.ThreadFactoryBuilder;
|
import org.apache.hadoop.thirdparty.com.google.common.util.concurrent.ThreadFactoryBuilder;
|
||||||
|
@ -857,7 +858,8 @@ public class Client implements AutoCloseable {
|
||||||
}
|
}
|
||||||
} else if (UserGroupInformation.isSecurityEnabled()) {
|
} else if (UserGroupInformation.isSecurityEnabled()) {
|
||||||
if (!fallbackAllowed) {
|
if (!fallbackAllowed) {
|
||||||
throw new IOException("Server asks us to fall back to SIMPLE " +
|
throw new AccessControlException(
|
||||||
|
"Server asks us to fall back to SIMPLE " +
|
||||||
"auth, but this client is configured to only allow secure " +
|
"auth, but this client is configured to only allow secure " +
|
||||||
"connections.");
|
"connections.");
|
||||||
}
|
}
|
||||||
|
|
|
@ -2202,7 +2202,7 @@ public abstract class Server {
|
||||||
private void doSaslReply(Exception ioe) throws IOException {
|
private void doSaslReply(Exception ioe) throws IOException {
|
||||||
setupResponse(authFailedCall,
|
setupResponse(authFailedCall,
|
||||||
RpcStatusProto.FATAL, RpcErrorCodeProto.FATAL_UNAUTHORIZED,
|
RpcStatusProto.FATAL, RpcErrorCodeProto.FATAL_UNAUTHORIZED,
|
||||||
null, ioe.getClass().getName(), ioe.toString());
|
null, ioe.getClass().getName(), ioe.getMessage());
|
||||||
sendResponse(authFailedCall);
|
sendResponse(authFailedCall);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2597,8 +2597,7 @@ public abstract class Server {
|
||||||
final RpcCall call = new RpcCall(this, callId, retry);
|
final RpcCall call = new RpcCall(this, callId, retry);
|
||||||
setupResponse(call,
|
setupResponse(call,
|
||||||
rse.getRpcStatusProto(), rse.getRpcErrorCodeProto(), null,
|
rse.getRpcStatusProto(), rse.getRpcErrorCodeProto(), null,
|
||||||
t.getClass().getName(),
|
t.getClass().getName(), t.getMessage());
|
||||||
t.getMessage() != null ? t.getMessage() : t.toString());
|
|
||||||
sendResponse(call);
|
sendResponse(call);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,6 +46,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
||||||
|
|
||||||
import javax.net.SocketFactory;
|
import javax.net.SocketFactory;
|
||||||
|
|
||||||
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
import org.apache.hadoop.thirdparty.com.google.common.cache.Cache;
|
import org.apache.hadoop.thirdparty.com.google.common.cache.Cache;
|
||||||
import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
|
import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
|
||||||
|
|
||||||
|
@ -874,6 +875,11 @@ public class NetUtils {
|
||||||
+ " failed on socket exception: " + exception
|
+ " failed on socket exception: " + exception
|
||||||
+ ";"
|
+ ";"
|
||||||
+ see("SocketException"));
|
+ see("SocketException"));
|
||||||
|
} else if (exception instanceof AccessControlException) {
|
||||||
|
return wrapWithMessage(exception,
|
||||||
|
"Call From "
|
||||||
|
+ localHost + " to " + destHost + ":" + destPort
|
||||||
|
+ " failed: " + exception.getMessage());
|
||||||
} else {
|
} else {
|
||||||
// 1. Return instance of same type with exception msg if Exception has a
|
// 1. Return instance of same type with exception msg if Exception has a
|
||||||
// String constructor.
|
// String constructor.
|
||||||
|
|
|
@ -533,12 +533,15 @@ public class TestSaslRPC extends TestRpcBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Pattern BadToken =
|
private static Pattern BadToken =
|
||||||
Pattern.compile(".*DIGEST-MD5: digest response format violation.*");
|
Pattern.compile("^" + RemoteException.class.getName() +
|
||||||
|
"\\("+ SaslException.class.getName() + "\\): " +
|
||||||
|
"DIGEST-MD5: digest response format violation.*");
|
||||||
private static Pattern KrbFailed =
|
private static Pattern KrbFailed =
|
||||||
Pattern.compile(".*Failed on local exception:.* " +
|
Pattern.compile(".*Failed on local exception:.* " +
|
||||||
"Failed to specify server's Kerberos principal name.*");
|
"Failed to specify server's Kerberos principal name.*");
|
||||||
private static Pattern Denied(AuthMethod method) {
|
private static Pattern Denied(AuthMethod method) {
|
||||||
return Pattern.compile(".*RemoteException.*AccessControlException.*: "
|
return Pattern.compile("^" + RemoteException.class.getName() +
|
||||||
|
"\\(" + AccessControlException.class.getName() + "\\): "
|
||||||
+ method + " authentication is not enabled.*");
|
+ method + " authentication is not enabled.*");
|
||||||
}
|
}
|
||||||
private static Pattern No(AuthMethod ... method) {
|
private static Pattern No(AuthMethod ... method) {
|
||||||
|
@ -547,10 +550,10 @@ public class TestSaslRPC extends TestRpcBase {
|
||||||
"Client cannot authenticate via:\\[" + methods + "\\].*");
|
"Client cannot authenticate via:\\[" + methods + "\\].*");
|
||||||
}
|
}
|
||||||
private static Pattern NoTokenAuth =
|
private static Pattern NoTokenAuth =
|
||||||
Pattern.compile(".*IllegalArgumentException: " +
|
Pattern.compile("^" + IllegalArgumentException.class.getName() + ": " +
|
||||||
"TOKEN authentication requires a secret manager");
|
"TOKEN authentication requires a secret manager");
|
||||||
private static Pattern NoFallback =
|
private static Pattern NoFallback =
|
||||||
Pattern.compile(".*Failed on local exception:.* " +
|
Pattern.compile("^" + AccessControlException.class.getName() + ":.* " +
|
||||||
"Server asks us to fall back to SIMPLE auth, " +
|
"Server asks us to fall back to SIMPLE auth, " +
|
||||||
"but this client is configured to only allow secure connections.*");
|
"but this client is configured to only allow secure connections.*");
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue