You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by re...@apache.org on 2021/02/05 07:38:07 UTC
[hbase] branch master updated: HBASE-25543 When configuration
hadoop.security.authorization is set to false,
the system will still try to authorize an RPC and raise
AccessDeniedException (#2919)
This is an automated email from the ASF dual-hosted git repository.
reidchan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new 7905749 HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)
7905749 is described below
commit 79057497331f6f381e6dc46a81f43f3f6b5ae4a2
Author: YutSean <33...@users.noreply.github.com>
AuthorDate: Fri Feb 5 15:37:34 2021 +0800
HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)
Signed-off-by: Viraj Jasani <vj...@apache.org>
Signed-off-by: Reid Chan <re...@apache.org>
---
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 3 +++
.../src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index ca8593e..b0e8b7d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
this.namedQueueRecorder = namedQueueRecorder;
}
+ protected boolean needAuthorization() {
+ return authorize;
+ }
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
index 0226de4..422003e 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
@@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
} else {
processConnectionHeader(buf);
this.connectionHeaderRead = true;
- if (!authorizeConnection()) {
+ if (rpcServer.needAuthorization() && !authorizeConnection()) {
// Throw FatalConnectionException wrapping ACE so client does right thing and closes
// down the connection instead of trying to read non-existent retun.
throw new AccessDeniedException("Connection from " + this + " for service " +