You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by jb...@apache.org on 2020/12/03 16:56:19 UTC
[hadoop] branch trunk updated: HADOOP-17392. Remote exception
messages should not include the exception class (#2486). Contributed by
Daryn Sharp and Ahmed Hussein
This is an automated email from the ASF dual-hosted git repository.
jbrennan pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new f94e927 HADOOP-17392. Remote exception messages should not include the exception class (#2486). Contributed by Daryn Sharp and Ahmed Hussein
f94e927 is described below
commit f94e927bfbeab5f5c4f8d4d75218eee4caa6c6c7
Author: Ahmed Hussein <50...@users.noreply.github.com>
AuthorDate: Thu Dec 3 10:55:51 2020 -0600
HADOOP-17392. Remote exception messages should not include the exception class (#2486). Contributed by Daryn Sharp and Ahmed Hussein
---
.../src/main/java/org/apache/hadoop/ipc/Client.java | 4 +++-
.../src/main/java/org/apache/hadoop/ipc/Server.java | 5 ++---
.../src/main/java/org/apache/hadoop/net/NetUtils.java | 6 ++++++
.../src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java | 13 ++++++++-----
4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
index ae3999b..4a0b5ae 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
@@ -18,6 +18,7 @@
package org.apache.hadoop.ipc;
+import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import org.apache.hadoop.thirdparty.com.google.common.util.concurrent.ThreadFactoryBuilder;
@@ -857,7 +858,8 @@ public class Client implements AutoCloseable {
}
} else if (UserGroupInformation.isSecurityEnabled()) {
if (!fallbackAllowed) {
- throw new IOException("Server asks us to fall back to SIMPLE " +
+ throw new AccessControlException(
+ "Server asks us to fall back to SIMPLE " +
"auth, but this client is configured to only allow secure " +
"connections.");
}
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
index cbee123..9be4ff2 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
@@ -2202,7 +2202,7 @@ public abstract class Server {
private void doSaslReply(Exception ioe) throws IOException {
setupResponse(authFailedCall,
RpcStatusProto.FATAL, RpcErrorCodeProto.FATAL_UNAUTHORIZED,
- null, ioe.getClass().getName(), ioe.toString());
+ null, ioe.getClass().getName(), ioe.getMessage());
sendResponse(authFailedCall);
}
@@ -2597,8 +2597,7 @@ public abstract class Server {
final RpcCall call = new RpcCall(this, callId, retry);
setupResponse(call,
rse.getRpcStatusProto(), rse.getRpcErrorCodeProto(), null,
- t.getClass().getName(),
- t.getMessage() != null ? t.getMessage() : t.toString());
+ t.getClass().getName(), t.getMessage());
sendResponse(call);
}
}
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java
index 2b2c028..0f4dd9d 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java
@@ -46,6 +46,7 @@ import java.util.concurrent.ConcurrentHashMap;
import javax.net.SocketFactory;
+import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.thirdparty.com.google.common.cache.Cache;
import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
@@ -874,6 +875,11 @@ public class NetUtils {
+ " failed on socket exception: " + exception
+ ";"
+ see("SocketException"));
+ } else if (exception instanceof AccessControlException) {
+ return wrapWithMessage(exception,
+ "Call From "
+ + localHost + " to " + destHost + ":" + destPort
+ + " failed: " + exception.getMessage());
} else {
// 1. Return instance of same type with exception msg if Exception has a
// String constructor.
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
index 5f94457..72085a1 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
@@ -533,13 +533,16 @@ public class TestSaslRPC extends TestRpcBase {
}
private static Pattern BadToken =
- Pattern.compile(".*DIGEST-MD5: digest response format violation.*");
+ Pattern.compile("^" + RemoteException.class.getName() +
+ "\\("+ SaslException.class.getName() + "\\): " +
+ "DIGEST-MD5: digest response format violation.*");
private static Pattern KrbFailed =
Pattern.compile(".*Failed on local exception:.* " +
"Failed to specify server's Kerberos principal name.*");
private static Pattern Denied(AuthMethod method) {
- return Pattern.compile(".*RemoteException.*AccessControlException.*: "
- + method + " authentication is not enabled.*");
+ return Pattern.compile("^" + RemoteException.class.getName() +
+ "\\(" + AccessControlException.class.getName() + "\\): "
+ + method + " authentication is not enabled.*");
}
private static Pattern No(AuthMethod ... method) {
String methods = StringUtils.join(method, ",\\s*");
@@ -547,10 +550,10 @@ public class TestSaslRPC extends TestRpcBase {
"Client cannot authenticate via:\\[" + methods + "\\].*");
}
private static Pattern NoTokenAuth =
- Pattern.compile(".*IllegalArgumentException: " +
+ Pattern.compile("^" + IllegalArgumentException.class.getName() + ": " +
"TOKEN authentication requires a secret manager");
private static Pattern NoFallback =
- Pattern.compile(".*Failed on local exception:.* " +
+ Pattern.compile("^" + AccessControlException.class.getName() + ":.* " +
"Server asks us to fall back to SIMPLE auth, " +
"but this client is configured to only allow secure connections.*");
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org