You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@phoenix.apache.org by "Chinmay Kulkarni (JIRA)" <ji...@apache.org> on 2019/06/26 05:45:00 UTC
[jira] [Commented] (PHOENIX-5374) Incorrect exception thrown in
some cases when client does not have Exec permissions on SYSTEM:CATALOG
[ https://issues.apache.org/jira/browse/PHOENIX-5374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16872943#comment-16872943 ]
Chinmay Kulkarni commented on PHOENIX-5374:
-------------------------------------------
Please review [~abhishek.chouhan] [~tdsilva]
FYI [~sukunaidu@gmail.com]
> Incorrect exception thrown in some cases when client does not have Exec permissions on SYSTEM:CATALOG
> -----------------------------------------------------------------------------------------------------
>
> Key: PHOENIX-5374
> URL: https://issues.apache.org/jira/browse/PHOENIX-5374
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Chinmay Kulkarni
> Assignee: Chinmay Kulkarni
> Priority: Major
> Fix For: 5.1.0, 4.15.1
>
> Attachments: PHOENIX-5374-master-v1.patch
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Scenario:
> * Server and client-side namespace-mapping is enabled.
> * "hbase.security.exec.permission.checks" is true on the server. Thus, EXEC permission checking will be performed during coprocessor endpoint invocations.
> * Client does not have EXEC permissions on SYSTEM:CATALOG
> * Client calls DriverManager.getConnection(..) and this fails with the following exception:
> {noformat}
> java.sql.SQLException: ERROR 2006 (INT08): Incompatible jars detected between client and server. Ensure that phoenix-[version]-server.jar is put on the classpath of HBase in every region server: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=unprivilegedUser_N000007, scope=SYSTEM:CATALOG, params=[table=SYSTEM:CATALOG],action=EXEC)
> at org.apache.hadoop.hbase.security.access.AccessChecker.requirePermission(AccessChecker.java:281)
> at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:446)
> at org.apache.hadoop.hbase.security.access.AccessController.preEndpointInvocation(AccessController.java:2015)
> at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1707)
> at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1704)
> at org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithResult.callObserver(CoprocessorHost.java:578)
> at org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:614)
> at org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperationWithResult(CoprocessorHost.java:592)
> at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preEndpointInvocation(RegionCoprocessorHost.java:1703)
> at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8011)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2409)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2391)
> at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:409)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> {noformat}
> The above is encountered as a result of a call to _getVersion_ from _ConnectionQueryServicesImpl#checkClientServerCompatibility_, but can occur from any place that we check client-server compatibility.
> The exception bubbles up as an *INCOMPATIBLE_CLIENT_SERVER_JAR* exception, which is wrong and also leads to misleading logs for clients.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)