You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2019/02/05 21:15:00 UTC
[jira] [Commented] (HADOOP-16094) AuthenticationFilter can trigger
NullPointerException in KerberosName class
[ https://issues.apache.org/jira/browse/HADOOP-16094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16761227#comment-16761227 ]
Eric Yang commented on HADOOP-16094:
------------------------------------
Hadoop-auth project builds before Hadoop-common, yet AuthenticationFilter depends on UserGroupInformation to implicitly initialize KerberosName.rules to work properly. Hence, project that uses AuthenticationFilter must carefully initialize UserGroupInformation.initialize(conf, true) to side step NPE problem. It is best to document this caveats in AuthenticationFilter documentation, or merge Hadoop auth and Hadoop common projects to avoid the inconvenience of circular dependencies.
> AuthenticationFilter can trigger NullPointerException in KerberosName class
> ---------------------------------------------------------------------------
>
> Key: HADOOP-16094
> URL: https://issues.apache.org/jira/browse/HADOOP-16094
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 3.2.0, 3.3.0, 3.1.2
> Reporter: Eric Yang
> Priority: Major
>
> Hadoop AuthenticationFilter example can fail with NullPointerException if auth_to_local rules has not been parsed from Configuration object. This can happen if the web application does not have any initialization code that leads to triggering: UserGroupInformation.initialize(conf, boolean);
> Stacktrace:
> {code}
> 2019-02-05 20:08:05,668 [http-bio-8080-exec-11] DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter- Authentication exception: java.lang.NullPointerException
> org.apache.hadoop.security.authentication.client.AuthenticationException: java.lang.NullPointerException
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:315)
> at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:536)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.NullPointerException
> at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:422)
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.runWithPrincipal(KerberosAuthenticationHandler.java:352)
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.access$000(KerberosAuthenticationHandler.java:64)
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:304)
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:301)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:300)
> ... 18 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org