HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)

Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Reid Chan <reidchan@apache.org>
This commit is contained in:
YutSean 2021-02-05 15:37:34 +08:00 committed by GitHub
parent 3a690931f5
commit 7905749733
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions

View File

@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
this.namedQueueRecorder = namedQueueRecorder; this.namedQueueRecorder = namedQueueRecorder;
} }
protected boolean needAuthorization() {
return authorize;
}
} }

View File

@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
} else { } else {
processConnectionHeader(buf); processConnectionHeader(buf);
this.connectionHeaderRead = true; this.connectionHeaderRead = true;
if (!authorizeConnection()) { if (rpcServer.needAuthorization() && !authorizeConnection()) {
// Throw FatalConnectionException wrapping ACE so client does right thing and closes // Throw FatalConnectionException wrapping ACE so client does right thing and closes
// down the connection instead of trying to read non-existent retun. // down the connection instead of trying to read non-existent retun.
throw new AccessDeniedException("Connection from " + this + " for service " + throw new AccessDeniedException("Connection from " + this + " for service " +