You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hbase.apache.org by re...@apache.org on 2021/02/05 07:38:07 UTC

[hbase] branch master updated: HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)

This is an automated email from the ASF dual-hosted git repository.

reidchan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/master by this push:
     new 7905749  HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)
7905749 is described below

commit 79057497331f6f381e6dc46a81f43f3f6b5ae4a2
Author: YutSean <33...@users.noreply.github.com>
AuthorDate: Fri Feb 5 15:37:34 2021 +0800

    HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2919)
    
    Signed-off-by: Viraj Jasani <vj...@apache.org>
    Signed-off-by: Reid Chan <re...@apache.org>
---
 hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java  | 3 +++
 .../src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index ca8593e..b0e8b7d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -822,4 +822,7 @@ public abstract class RpcServer implements RpcServerInterface,
     this.namedQueueRecorder = namedQueueRecorder;
   }
 
+  protected boolean needAuthorization() {
+    return authorize;
+  }
 }
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
index 0226de4..422003e 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
@@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
     } else {
       processConnectionHeader(buf);
       this.connectionHeaderRead = true;
-      if (!authorizeConnection()) {
+      if (rpcServer.needAuthorization() && !authorizeConnection()) {
         // Throw FatalConnectionException wrapping ACE so client does right thing and closes
         // down the connection instead of trying to read non-existent retun.
         throw new AccessDeniedException("Connection from " + this + " for service " +