HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)
Signed-off-by: Viraj Jasani <vjasani@apache.org> Signed-off-by: Reid Chan <reidchan@apache.org>
This commit is contained in:
parent
3a690931f5
commit
7905749733
|
@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
|
|||
this.namedQueueRecorder = namedQueueRecorder;
|
||||
}
|
||||
|
||||
protected boolean needAuthorization() {
|
||||
return authorize;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
|
|||
} else {
|
||||
processConnectionHeader(buf);
|
||||
this.connectionHeaderRead = true;
|
||||
if (!authorizeConnection()) {
|
||||
if (rpcServer.needAuthorization() && !authorizeConnection()) {
|
||||
// Throw FatalConnectionException wrapping ACE so client does right thing and closes
|
||||
// down the connection instead of trying to read non-existent retun.
|
||||
throw new AccessDeniedException("Connection from " + this + " for service " +
|
||||
|
|
Loading…
Reference in New Issue