From 829790e11a612b1e45d399e34c9d89778010eef3 Mon Sep 17 00:00:00 2001 From: YutSean <33572832+YutSean@users.noreply.github.com> Date: Sat, 6 Feb 2021 00:37:21 +0800 Subject: [PATCH] HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919) Signed-off-by: Viraj Jasani Signed-off-by: Reid Chan --- .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 3 +++ .../java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java index ca8593ee3d5..b0e8b7d3d5d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java @@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface, this.namedQueueRecorder = namedQueueRecorder; } + protected boolean needAuthorization() { + return authorize; + } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java index 475dcc3faa9..29ce30b8652 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java @@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable { } else { processConnectionHeader(buf); this.connectionHeaderRead = true; - if (!authorizeConnection()) { + if (rpcServer.needAuthorization() && !authorizeConnection()) { // Throw FatalConnectionException wrapping ACE so client does right thing and closes // down the connection instead of trying to read non-existent retun. throw new AccessDeniedException("Connection from " + this + " for service " +