You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hbase.apache.org by vj...@apache.org on 2021/02/05 17:02:08 UTC

[hbase] branch branch-2.3 updated: HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919)

This is an automated email from the ASF dual-hosted git repository.

vjasani pushed a commit to branch branch-2.3
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2.3 by this push:
     new d885319  HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919)
d885319 is described below

commit d88531953f89783d7661d8263e546c03a8dd49c6
Author: YutSean <33...@users.noreply.github.com>
AuthorDate: Sat Feb 6 00:37:21 2021 +0800

    HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919)
    
    Signed-off-by: Viraj Jasani <vj...@apache.org>
    Signed-off-by: Reid Chan <re...@apache.org>
---
 hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 4 ++++
 .../main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java    | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index e575d5d..9a0c653 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -825,4 +825,8 @@ public abstract class RpcServer implements RpcServerInterface,
   public SlowLogRecorder getSlowLogRecorder() {
     return slowLogRecorder;
   }
+
+  protected boolean needAuthorization() {
+    return authorize;
+  }
 }
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
index 475dcc3..29ce30b 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
@@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
     } else {
       processConnectionHeader(buf);
       this.connectionHeaderRead = true;
-      if (!authorizeConnection()) {
+      if (rpcServer.needAuthorization() && !authorizeConnection()) {
         // Throw FatalConnectionException wrapping ACE so client does right thing and closes
         // down the connection instead of trying to read non-existent retun.
         throw new AccessDeniedException("Connection from " + this + " for service " +