Revert "HBASE-24579: Failed SASL authentication does not result in an exception on client side (#1921)"
This reverts commit bd79c4065ccb13a5e217d844376b3e7b9489d2fe.
When Kerberos authentication succeeds, on the server side, after
receiving the final SASL token from the client, we simply wait for
the client to continue by sending the connection header.
After HBASE-24579, on the client side, an additional readStatus()
was added, which mistakenly assumes that after negotiation has
completed a status code will be sent. However when authentication
has succeeded the server will not send one. As a result the client
will hang and only throw an exception when the configured read
timeout is reached, which is 20 seconds by default.
We cannot unilaterally send the expected additional status code
from the server side because older clients will not expect it. The
first call will fail because the client finds unexpected bytes in
the stream ahead of the call response. Fabricating a call response
also does not seem a viable strategy for backwards compatibility.
The HBASE-24579 change needs to be reconsidered given the
difficult backwards compatibility challenges here.
Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
Conflicts:
hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestHBaseSaslRpcClient.java
* HBASE-26523 Upgrade hbase-thirdparty dependency to 4.0.1 (#3988)
Signed-off-by: GeorryHuang <huangzhuoyue@apache.org>
* HBASE-25465 Use javac --release option for supporting cross version compilation (#4164)
Signed-off-by: Andrew Purtell <apurtell@apache.org>
* HBASE-26855 Delete unnecessary dependency on jaxb-runtime jar (#4236)
Signed-off-by: Duo Zhang <zhangduo@apache.org>
* spotless apply
Co-authored-by: Duo Zhang <zhangduo@apache.org>
Co-authored-by: Nick Dimiduk <ndimiduk@apache.org>
Signed-off-by: Andrew Purtell <apurtell@apache.org>
In org.apache.hadoop.hbase.http.SecurityHeadersFilter, marked
LimitedPrivate(CONFIG), static method getDefaultParameters(Configuration)
returning Map<String,String> was removed.
In org.apache.hadoop.hbase.filter.RandomRowFilter, marked Public, the
protected field 'random' of type java.util.Random was removed, which
might cause NoSuchFieldError exceptions in downstreamers.
Signed-off-by: Andrew Purtell <apurtell@apache.org>
Avoid the pattern where a Random object is allocated, used once or twice, and
then left for GC. This pattern triggers warnings from some static analysis tools
because this pattern leads to poor effective randomness. In a few cases we were
legitimately suffering from this issue; in others a change is still good to
reduce noise in analysis results.
Use ThreadLocalRandom where there is no requirement to set the seed to gain
good reuse.
Where useful relax use of SecureRandom to simply Random or ThreadLocalRandom,
which are unlikely to block if the system entropy pool is low, if we don't need
crypographically strong randomness for the use case. The exception to this is
normalization of use of Bytes#random to fill byte arrays with randomness.
Because Bytes#random may be used to generate key material it must be backed by
SecureRandom.
Signed-off-by: Duo Zhang <zhangduo@apache.org>
Revert "Preparing hbase release 2.4.10RC1; tagging and updates to CHANGES.md and RELEASENOTES.md"
This reverts commit 31a9beaf949385d75a23c672572fbb70c937cf97.
This reverts commit 0dc107e15b5684aea64892fa4db460724de2a779.
This reverts commit a86548a25755c574c76ef27c374fe05be295d057.
This reverts commit 27343174e7837f5859b0e7bd8cc23ec0e62a25c1.
Change scan caching back to 1 to avoid extra work at Region Server side. For most cases, the extra 4 results
fetched are wasted at the client side.
Signed-off-by: Duo Zhang <zhangduo@apache.org>
