HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)
Signed-off-by: Viraj Jasani <vjasani@apache.org> Signed-off-by: Reid Chan <reidchan@apache.org>
This commit is contained in:
parent
3a690931f5
commit
7905749733
|
@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
|
||||||
this.namedQueueRecorder = namedQueueRecorder;
|
this.namedQueueRecorder = namedQueueRecorder;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected boolean needAuthorization() {
|
||||||
|
return authorize;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
|
||||||
} else {
|
} else {
|
||||||
processConnectionHeader(buf);
|
processConnectionHeader(buf);
|
||||||
this.connectionHeaderRead = true;
|
this.connectionHeaderRead = true;
|
||||||
if (!authorizeConnection()) {
|
if (rpcServer.needAuthorization() && !authorizeConnection()) {
|
||||||
// Throw FatalConnectionException wrapping ACE so client does right thing and closes
|
// Throw FatalConnectionException wrapping ACE so client does right thing and closes
|
||||||
// down the connection instead of trying to read non-existent retun.
|
// down the connection instead of trying to read non-existent retun.
|
||||||
throw new AccessDeniedException("Connection from " + this + " for service " +
|
throw new AccessDeniedException("Connection from " + this + " for service " +
|
||||||
|
|
Loading…
Reference in New Issue