You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "Samarth Gupta (JIRA)" <ji...@apache.org> on 2014/03/03 07:30:24 UTC

[jira] [Comment Edited] (FALCON-326) Falcon not returning ProxyOozieClient for Simple Authentication

    [ https://issues.apache.org/jira/browse/FALCON-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13917768#comment-13917768 ] 

Samarth Gupta edited comment on FALCON-326 at 3/3/14 6:28 AM:
--------------------------------------------------------------

updated oozie-site.xml with changes suggested by [~svenkat]

i have used the setting "${user.name}"  , do i need to replace it with some specific hardcocded user name like "samarth" , "oozie" , "falcon"  etc .....
If this value is expected to be hardcoded and be equal to the used who is submitting the job, it will be very difficult for us at inmobi, since we have lot of different users submitting jobs. 


was (Author: samarthg):
updated oozie-site.xml with changes suggested by [~svenkat]

> Falcon not returning ProxyOozieClient for Simple Authentication 
> ----------------------------------------------------------------
>
>                 Key: FALCON-326
>                 URL: https://issues.apache.org/jira/browse/FALCON-326
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: QA InMobi 
>            Reporter: Samarth Gupta
>            Assignee: Srikanth Sundarrajan
>            Priority: Blocker
>         Attachments: oozie-site.xml
>
>
> After the security patch been merged as per JIRA https://issues.apache.org/jira/browse/FALCON-16
> Changes are not backward compatible since same setup worked perfectly fine with old falcon builds before security patch. 
> all submit / schedule request are failing in distributed mode, when falcon is being started with default "*.falcon.http.authentication.type=simple" 
> The reason being falcon returns ProxyOozieClient for both simple and kerberos mode. 
> error on submit entity :
> {code}
> 2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-] APP[-] JOB[-] ACTION[-] URL[GET http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth] error, User [samarth] not defined as proxyuser
> java.security.AccessControlException: User [samarth] not defined as proxyuser
>        at org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148)
>        at org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553)
>        at org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126)
>        at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
>        at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>        at java.lang.Thread.run(Thread.java:701)
> {code}
> even if we bypass the above error by hardcoding the remote user, following error comes in schedule:
> {code}
> 014-02-28 12:24:23,323 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817 b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason (FalconWebException:39)
> org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107)
>        at org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68)
>        at org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57)
>        at org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>        at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>        at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>        at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
>        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>        at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>        at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
>        at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
>        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
>        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
>        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
>        at org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156)
>        at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
>        at org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
>        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
>        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
>        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
>        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
>        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
>        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>        at org.mortbay.jetty.Server.handle(Server.java:326)
>        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
>        at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
>        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
>        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
>        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
>        at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
>        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
>        at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193)
>        ... 46 more
> Caused by: E1400 : User [samarth] not defined as proxyuser
>        at org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508)
>        at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186)
>        at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165)
>        at org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479)
>        at org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518)
>        at org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48)
>        at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555)
>        at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553)
>        at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
>        at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553)
>        ... 47 more
> 2014-02-28 12:24:23,325 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817 b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request
> Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> (FalconWebException:58)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)