You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by da...@apache.org on 2018/08/15 22:37:07 UTC

hive git commit: HIVE-14898: HS2 shouldn't log callstack for an empty auth header error

Repository: hive
Updated Branches:
  refs/heads/master b7b5cb472 -> 489b37a54


HIVE-14898: HS2 shouldn't log callstack for an empty auth header error


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/489b37a5
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/489b37a5
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/489b37a5

Branch: refs/heads/master
Commit: 489b37a545b383e883aa37f80ed10cfd8d213dee
Parents: b7b5cb4
Author: Daniel Dai <da...@gmail.com>
Authored: Wed Aug 15 15:36:44 2018 -0700
Committer: Daniel Dai <da...@gmail.com>
Committed: Wed Aug 15 15:36:44 2018 -0700

----------------------------------------------------------------------
 .../ldap/HttpEmptyAuthenticationException.java  | 23 ++++++++++++++++++++
 .../service/cli/thrift/ThriftHttpServlet.java   | 12 ++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/489b37a5/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java
new file mode 100644
index 0000000..b6b71bc
--- /dev/null
+++ b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java
@@ -0,0 +1,23 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. See accompanying LICENSE file.
+ */
+package org.apache.hive.service.auth.ldap;
+
+import org.apache.hive.service.auth.HttpAuthenticationException;
+
+public class HttpEmptyAuthenticationException extends HttpAuthenticationException {
+
+  public HttpEmptyAuthenticationException(String msg) {
+    super(msg);
+  }
+}

http://git-wip-us.apache.org/repos/asf/hive/blob/489b37a5/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
index 70ffa3c..ffc5ef4 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -53,6 +53,7 @@ import org.apache.hive.service.auth.HiveAuthFactory;
 import org.apache.hive.service.auth.HttpAuthUtils;
 import org.apache.hive.service.auth.HttpAuthenticationException;
 import org.apache.hive.service.auth.PasswdAuthenticationProvider;
+import org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException;
 import org.apache.hive.service.cli.HiveSQLException;
 import org.apache.hive.service.cli.session.SessionManager;
 import org.apache.thrift.TProcessor;
@@ -207,7 +208,11 @@ public class ThriftHttpServlet extends TServlet {
       super.doPost(request, response);
     }
     catch (HttpAuthenticationException e) {
-      LOG.error("Error: ", e);
+      // Ignore HttpEmptyAuthenticationException, it is normal for knox
+      // to send a request with empty header
+      if (!(e instanceof HttpEmptyAuthenticationException)) {
+        LOG.error("Error: ", e);
+      }
       // Send a 401 to the client
       response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
       if(isKerberosAuthMode(authType)) {
@@ -404,6 +409,9 @@ public class ThriftHttpServlet extends TServlet {
     try {
       return serviceUGI.doAs(new HttpKerberosServerAction(request, serviceUGI));
     } catch (Exception e) {
+      if (e.getCause() instanceof HttpEmptyAuthenticationException) {
+        throw (HttpEmptyAuthenticationException)e.getCause();
+      }
       LOG.error("Failed to authenticate with hive/_HOST kerberos principal");
       throw new HttpAuthenticationException(e);
     }
@@ -546,7 +554,7 @@ public class ThriftHttpServlet extends TServlet {
     String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION);
     // Each http request must have an Authorization header
     if (authHeader == null || authHeader.isEmpty()) {
-      throw new HttpAuthenticationException("Authorization header received " +
+      throw new HttpEmptyAuthenticationException("Authorization header received " +
           "from the client is empty.");
     }