You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by da...@apache.org on 2018/08/15 22:37:07 UTC
hive git commit: HIVE-14898: HS2 shouldn't log callstack for an empty
auth header error
Repository: hive
Updated Branches:
refs/heads/master b7b5cb472 -> 489b37a54
HIVE-14898: HS2 shouldn't log callstack for an empty auth header error
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/489b37a5
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/489b37a5
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/489b37a5
Branch: refs/heads/master
Commit: 489b37a545b383e883aa37f80ed10cfd8d213dee
Parents: b7b5cb4
Author: Daniel Dai <da...@gmail.com>
Authored: Wed Aug 15 15:36:44 2018 -0700
Committer: Daniel Dai <da...@gmail.com>
Committed: Wed Aug 15 15:36:44 2018 -0700
----------------------------------------------------------------------
.../ldap/HttpEmptyAuthenticationException.java | 23 ++++++++++++++++++++
.../service/cli/thrift/ThriftHttpServlet.java | 12 ++++++++--
2 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/489b37a5/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java
new file mode 100644
index 0000000..b6b71bc
--- /dev/null
+++ b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java
@@ -0,0 +1,23 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. See accompanying LICENSE file.
+ */
+package org.apache.hive.service.auth.ldap;
+
+import org.apache.hive.service.auth.HttpAuthenticationException;
+
+public class HttpEmptyAuthenticationException extends HttpAuthenticationException {
+
+ public HttpEmptyAuthenticationException(String msg) {
+ super(msg);
+ }
+}
http://git-wip-us.apache.org/repos/asf/hive/blob/489b37a5/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
index 70ffa3c..ffc5ef4 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -53,6 +53,7 @@ import org.apache.hive.service.auth.HiveAuthFactory;
import org.apache.hive.service.auth.HttpAuthUtils;
import org.apache.hive.service.auth.HttpAuthenticationException;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
+import org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException;
import org.apache.hive.service.cli.HiveSQLException;
import org.apache.hive.service.cli.session.SessionManager;
import org.apache.thrift.TProcessor;
@@ -207,7 +208,11 @@ public class ThriftHttpServlet extends TServlet {
super.doPost(request, response);
}
catch (HttpAuthenticationException e) {
- LOG.error("Error: ", e);
+ // Ignore HttpEmptyAuthenticationException, it is normal for knox
+ // to send a request with empty header
+ if (!(e instanceof HttpEmptyAuthenticationException)) {
+ LOG.error("Error: ", e);
+ }
// Send a 401 to the client
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
if(isKerberosAuthMode(authType)) {
@@ -404,6 +409,9 @@ public class ThriftHttpServlet extends TServlet {
try {
return serviceUGI.doAs(new HttpKerberosServerAction(request, serviceUGI));
} catch (Exception e) {
+ if (e.getCause() instanceof HttpEmptyAuthenticationException) {
+ throw (HttpEmptyAuthenticationException)e.getCause();
+ }
LOG.error("Failed to authenticate with hive/_HOST kerberos principal");
throw new HttpAuthenticationException(e);
}
@@ -546,7 +554,7 @@ public class ThriftHttpServlet extends TServlet {
String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION);
// Each http request must have an Authorization header
if (authHeader == null || authHeader.isEmpty()) {
- throw new HttpAuthenticationException("Authorization header received " +
+ throw new HttpEmptyAuthenticationException("Authorization header received " +
"from the client is empty.");
}