HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919)

Signed-off-by: Viraj Jasani <vjasani@apache.org> Signed-off-by: Reid Chan <reidchan@apache.org>
2021-02-06 00:37:21 +08:00 · 2021-02-06 00:37:21 +08:00 · 829790e11a
parent 1b6bf2bcd0
commit 829790e11a
2 changed files with 4 additions and 1 deletions
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
    this.namedQueueRecorder = namedQueueRecorder;
  }

+  protected boolean needAuthorization() {
+    return authorize;
+  }
 }
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
    } else {
      processConnectionHeader(buf);
      this.connectionHeaderRead = true;
-      if (!authorizeConnection()) {
+      if (rpcServer.needAuthorization() && !authorizeConnection()) {
        // Throw FatalConnectionException wrapping ACE so client does right thing and closes
        // down the connection instead of trying to read non-existent retun.
        throw new AccessDeniedException("Connection from " + this + " for service " +