Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919) 

Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Reid Chan <reidchan@apache.org>
This commit is contained in:
YutSean 2021-02-06 00:37:21 +08:00 committed by Viraj Jasani
parent 1b6bf2bcd0
commit 829790e11a
No known key found for this signature in database
GPG Key ID: B3D6C0B41C8ADFD5
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
View File

@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
this.namedQueueRecorder = namedQueueRecorder; this.namedQueueRecorder = namedQueueRecorder;
} }
protected boolean needAuthorization() {
return authorize;
}
} }

2
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
View File

@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
} else { } else {
processConnectionHeader(buf); processConnectionHeader(buf);
this.connectionHeaderRead = true; this.connectionHeaderRead = true;
if (!authorizeConnection()) { if (rpcServer.needAuthorization() && !authorizeConnection()) {
// Throw FatalConnectionException wrapping ACE so client does right thing and closes // Throw FatalConnectionException wrapping ACE so client does right thing and closes
// down the connection instead of trying to read non-existent retun. // down the connection instead of trying to read non-existent retun.
throw new AccessDeniedException("Connection from " + this + " for service " + throw new AccessDeniedException("Connection from " + this + " for service " +