You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hbase.apache.org by vj...@apache.org on 2021/02/07 15:42:01 UTC

[hbase] branch branch-1 updated: HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2932) (#2919)

This is an automated email from the ASF dual-hosted git repository.

vjasani pushed a commit to branch branch-1
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-1 by this push:
     new 7d80d99  HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2932) (#2919)
7d80d99 is described below

commit 7d80d9971ac5994c58bd0d8202eb99711fc101ba
Author: YutSean <33...@users.noreply.github.com>
AuthorDate: Sun Feb 7 23:41:35 2021 +0800

    HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2932) (#2919)
    
    Signed-off-by: Viraj Jasani <vj...@apache.org>
    Signed-off-by: Reid Chan <re...@apache.org>
---
 hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 377ddcf..af38156 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -1973,7 +1973,7 @@ public class RpcServer implements RpcServerInterface, ConfigurationObserver {
       } else {
         processConnectionHeader(buf);
         this.connectionHeaderRead = true;
-        if (!authorizeConnection()) {
+        if (authorize && !authorizeConnection()) {
           // Throw FatalConnectionException wrapping ACE so client does right thing and closes
           // down the connection instead of trying to read non-existent retun.
           throw new AccessDeniedException("Connection from " + this + " for service " +