You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Sailaja Polavarapu (JIRA)" <ji...@apache.org> on 2019/08/17 21:30:00 UTC
[jira] [Commented] (RANGER-2538) Ranger policy import calls via
knox trusted proxy failing
[ https://issues.apache.org/jira/browse/RANGER-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16909830#comment-16909830 ]
Sailaja Polavarapu commented on RANGER-2538:
--------------------------------------------
Request /response flow between Knox and Ranger with kerberos authentication supposed to be as follows:
# Knox sends unauthenticated request (with 100-expect)
# Ranger replies with 401 for authentication (and Connection: close)
# Knox sends the authentication with Negotiate header, authentication succeeded and now Knox retries sending the payload
But with tomcat sever (which is what Ranger uses), at step #2, tomcat sends back 100-continue header before ranger web filter reacts with 401. When Knox receives 100-continue, it starts pumping data immediately and the 401 sent by the ranger web filter layer is lost. So at some point the connection is closed according to ranger and hence the broken pipe error.
In order to fix this, I added code in ranger web filter to wait till all the data is received and then respond with 401. That way knox can re-open the connection and send the negotiate header with the data.
> Ranger policy import calls via knox trusted proxy failing
> ---------------------------------------------------------
>
> Key: RANGER-2538
> URL: https://issues.apache.org/jira/browse/RANGER-2538
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
>
> Posting large data through knox TP is causing the following exception in knox:
> java.net.SocketException: Broken pipe (Write failed) java.net.SocketException: Broken pipe (Write failed) at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111) at java.net.SocketOutputStream.write(SocketOutputStream.java:155) at org.apache.http.impl.io.SessionOutputBufferImpl.streamWrite(SessionOutputBufferImpl.java:124) at org.apache.http.impl.io.SessionOutputBufferImpl.flushBuffer(SessionOutputBufferImpl.java:136) at org.apache.http.impl.io.SessionOutputBufferImpl.write(SessionOutputBufferImpl.java:167) at org.apache.http.impl.io.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:122) at org.apache.http.impl.io.ChunkedOutputStream.write(ChunkedOutputStream.java:179) at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2315) at org.apache.commons.io.IOUtils.copy(IOUtils.java:2270) at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2291)
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)