You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2012/04/08 01:16:43 UTC
svn commit: r1310915 -
/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
Author: stack
Date: Sat Apr 7 23:16:43 2012
New Revision: 1310915
URL: http://svn.apache.org/viewvc?rev=1310915&view=rev
Log:
HBASE-5735 Clearer warning message when connecting a non-secure HBase client to a secure HBase server
Modified:
hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1310915&r1=1310914&r2=1310915&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Sat Apr 7 23:16:43 2012
@@ -47,6 +47,8 @@ import org.apache.hadoop.security.token.
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.StringUtils;
+import com.google.common.collect.ImmutableSet;
+
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
@@ -83,6 +85,7 @@ public abstract class SecureServer exten
// 3 : Introduce the protocol into the RPC connection header
// 4 : Introduced SASL security layer
public static final byte CURRENT_VERSION = 4;
+ public static final Set<Byte> INSECURE_VERSIONS = ImmutableSet.of((byte) 3);
public static final Log LOG = LogFactory.getLog("org.apache.hadoop.ipc.SecureServer");
private static final Log AUDITLOG =
@@ -400,10 +403,17 @@ public abstract class SecureServer exten
dataLengthBuffer.flip();
if (!HEADER.equals(dataLengthBuffer) || version != CURRENT_VERSION) {
//Warning is ok since this is not supposed to happen.
- LOG.warn("Incorrect header or version mismatch from " +
- hostAddress + ":" + remotePort +
- " got version " + version +
- " expected version " + CURRENT_VERSION);
+ if (INSECURE_VERSIONS.contains(version)) {
+ LOG.warn("An insecure client (version '" + version + "') is attempting to connect " +
+ " to this version '" + CURRENT_VERSION + "' secure server from " +
+ hostAddress + ":" + remotePort);
+ } else {
+ LOG.warn("Incorrect header or version mismatch from " +
+ hostAddress + ":" + remotePort +
+ " got version " + version +
+ " expected version " + CURRENT_VERSION);
+ }
+
return -1;
}
dataLengthBuffer.clear();