You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by vj...@apache.org on 2021/02/05 17:02:08 UTC
[hbase] branch branch-2.3 updated: HBASE-25543 When configuration
hadoop.security.authorization is set to false,
the system will still try to authorize an RPC and raise
AccessDeniedException (#2929) (#2919)
This is an automated email from the ASF dual-hosted git repository.
vjasani pushed a commit to branch branch-2.3
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.3 by this push:
new d885319 HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919)
d885319 is described below
commit d88531953f89783d7661d8263e546c03a8dd49c6
Author: YutSean <33...@users.noreply.github.com>
AuthorDate: Sat Feb 6 00:37:21 2021 +0800
HBASE-25543 When configuration hadoop.security.authorization is set to false, the system will still try to authorize an RPC and raise AccessDeniedException (#2929) (#2919)
Signed-off-by: Viraj Jasani <vj...@apache.org>
Signed-off-by: Reid Chan <re...@apache.org>
---
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 4 ++++
.../main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index e575d5d..9a0c653 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -825,4 +825,8 @@ public abstract class RpcServer implements RpcServerInterface,
public SlowLogRecorder getSlowLogRecorder() {
return slowLogRecorder;
}
+
+ protected boolean needAuthorization() {
+ return authorize;
+ }
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
index 475dcc3..29ce30b 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
@@ -449,7 +449,7 @@ abstract class ServerRpcConnection implements Closeable {
} else {
processConnectionHeader(buf);
this.connectionHeaderRead = true;
- if (!authorizeConnection()) {
+ if (rpcServer.needAuthorization() && !authorizeConnection()) {
// Throw FatalConnectionException wrapping ACE so client does right thing and closes
// down the connection instead of trying to read non-existent retun.
throw new AccessDeniedException("Connection from " + this + " for service " +