From 79057497331f6f381e6dc46a81f43f3f6b5ae4a2 Mon Sep 17 00:00:00 2001
From: YutSean <33572832+YutSean@users.noreply.github.com>
Date: Fri, 5 Feb 2021 15:37:34 +0800
Subject: [PATCH] HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)

Signed-off-by: Viraj Jasani
Signed-off-by: Reid Chan
---
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 3 +++
 .../java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index ca8593ee3d5..b0e8b7d3d5d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
 this.namedQueueRecorder = namedQueueRecorder;
 }

+ protected boolean needAuthorization() {
+ return authorize;
+ }
 }
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
index 0226de4792c..422003e1a6a 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
@@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
 } else {
 processConnectionHeader(buf);
 this.connectionHeaderRead = true;
- if (!authorizeConnection()) {
+ if (rpcServer.needAuthorization() && !authorizeConnection()) {
 // Throw FatalConnectionException wrapping ACE so client does right thing and closes
 // down the connection instead of trying to read non-existent retun.
 throw new AccessDeniedException("Connection from " + this + " for service " +
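Review bot: The new `needAuthorization()` in RpcServer is an overridable `protected` accessor with no Javadoc, yet the ServerRpcConnection hunk makes it the gate for whether `authorizeConnection()` runs at all. The only caller shown sits in the same package, so the method could be declared `final` (or package-private) to keep a subclass from silently switching connection authorization off. I would also add a comment such as `/** Whether RPC connection authorization is enabled (hadoop.security.authorization); when false, ServerRpcConnection skips authorizeConnection(). */`. How and when `authorize` is assigned is outside this hunk, so whether it can change at runtime should be confirmed before the comment describes it as fixed.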
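Review bot: Short-circuiting on `rpcServer.needAuthorization()` in ServerRpcConnection skips everything `authorizeConnection()` does, not only the service-level ACL check. That method's body is outside this hunk; if it also validates proxy-user/impersonation (doAs) requests, those checks would stop running when hadoop.security.authorization is false, which is wider than the commit title describes. It is worth confirming this and, if so, keeping the impersonation check unconditional while gating only the ACL lookup inside `authorizeConnection()`. A test that opens a connection with authorization disabled and asserts which checks still run would pin the intended behaviour. The enclosing method starts and ends outside the hunk.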