You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by zjffdu <gi...@git.apache.org> on 2017/03/07 07:13:05 UTC

[GitHub] zeppelin pull request #2104: ZEPPELIN-2224. Throw more meaningful exception ...

GitHub user zjffdu opened a pull request:

    https://github.com/apache/zeppelin/pull/2104

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in livy interpreter

    ### What is this PR for?
    In kerberos enviroment, user would get the following exception is impersonation configuration is not correctly. This is not so useful for users. This PR would print more meaning exception for users. 
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:360) at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) at org.spr
 ingframework.web.client.RestTemplate.exchange(RestTemplate.java:498) at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406) at org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192) at org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98) at org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80) at org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    * [ ] - Task
    
    ### What is the Jira issue?
    * https://issues.apache.org/jira/browse/ZEPPELIN-2224
    
    ### How should this be tested?
    Tested manually in secured cluster.
    
    ### Screenshots (if appropriate)
    
    Before this PR
    
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:360) at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) at org.spr
 ingframework.web.client.RestTemplate.exchange(RestTemplate.java:498) at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406) at org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192) at org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98) at org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80) at org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    After this PR
    ```
    org.apache.zeppelin.livy.LivyException: {"msg":"User 'zeppelin-sandbox' not allowed to impersonate 'Some(user1)'."}
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
    	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667)
    	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
    	at java.security.AccessController.doPrivileged(Native Method)
    	at javax.security.auth.Subject.doAs(Subject.java:360)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
    	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580)
    	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:407)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:193)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:99)
    ```
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/zjffdu/zeppelin ZEPPELIN-2224

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2104.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2104
    
----
commit df49a2c399458668e7e104968a6cc2eeae980415
Author: Jeff Zhang <zj...@apache.org>
Date:   2017-03-07T07:02:37Z

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in livy interpreter

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #2104: ZEPPELIN-2224. Throw more meaningful exception ...

Posted by zjffdu <gi...@git.apache.org>.

GitHub user zjffdu reopened a pull request:

    https://github.com/apache/zeppelin/pull/2104

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in livy interpreter

    ### What is this PR for?
    In kerberos enviroment, user would get the following exception is impersonation configuration is not correctly. This is not so useful for users. This PR would print more meaning exception for users. 
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at 
    org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) at 
    org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) at 
    org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) at java.security.AccessController.doPrivileged(Native Method) at 
    javax.security.auth.Subject.doAs(Subject.java:360) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) at 
    org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80) at 
    org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    * [ ] - Task
    
    ### What is the Jira issue?
    * https://issues.apache.org/jira/browse/ZEPPELIN-2224
    
    ### How should this be tested?
    Tested manually in secured cluster.
    
    ### Screenshots (if appropriate)
    
    Before this PR
    
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at 
    org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) at 
    org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) at 
    org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) at java.security.AccessController.doPrivileged(Native Method) at 
    javax.security.auth.Subject.doAs(Subject.java:360) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498) at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80) at 
    org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    After this PR
    ```
    org.apache.zeppelin.livy.LivyException: {"msg":"User 'zeppelin-sandbox' not allowed to impersonate 'Some(user1)'."}
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
    	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667)
    	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
    	at java.security.AccessController.doPrivileged(Native Method)
    	at javax.security.auth.Subject.doAs(Subject.java:360)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
    	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580)
    	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:407)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:193)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:99)
    ```
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/zjffdu/zeppelin ZEPPELIN-2224

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2104.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2104
    
----

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin issue #2104: ZEPPELIN-2224. Throw more meaningful exception when ke...

Posted by zjffdu <gi...@git.apache.org>.

Github user zjffdu commented on the issue:

    https://github.com/apache/zeppelin/pull/2104
  
    Merge if no more comments


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #2104: ZEPPELIN-2224. Throw more meaningful exception ...

Posted by zjffdu <gi...@git.apache.org>.

Github user zjffdu closed the pull request at:

    https://github.com/apache/zeppelin/pull/2104


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #2104: ZEPPELIN-2224. Throw more meaningful exception ...

Posted by zjffdu <gi...@git.apache.org>.

Github user zjffdu closed the pull request at:

    https://github.com/apache/zeppelin/pull/2104


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin issue #2104: ZEPPELIN-2224. Throw more meaningful exception when ke...

Posted by zjffdu <gi...@git.apache.org>.

Github user zjffdu commented on the issue:

    https://github.com/apache/zeppelin/pull/2104
  
    ping @felixcheung 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #2104: ZEPPELIN-2224. Throw more meaningful exception ...

Posted by zjffdu <gi...@git.apache.org>.

GitHub user zjffdu reopened a pull request:

    https://github.com/apache/zeppelin/pull/2104

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in livy interpreter

    ### What is this PR for?
    In kerberos enviroment, user would get the following exception is impersonation configuration is not correctly. This is not so useful for users. This PR would print more meaning exception for users. 
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at 
    org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) at 
    org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) at 
    org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) at java.security.AccessController.doPrivileged(Native Method) at 
    javax.security.auth.Subject.doAs(Subject.java:360) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) at 
    org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80) at 
    org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    * [ ] - Task
    
    ### What is the Jira issue?
    * https://issues.apache.org/jira/browse/ZEPPELIN-2224
    
    ### How should this be tested?
    Tested manually in secured cluster.
    
    ### Screenshots (if appropriate)
    
    Before this PR
    
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at 
    org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) at 
    org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) at 
    org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) at java.security.AccessController.doPrivileged(Native Method) at 
    javax.security.auth.Subject.doAs(Subject.java:360) at 
    org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498) at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98) at 
    org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80) at 
    org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    After this PR
    ```
    org.apache.zeppelin.livy.LivyException: {"msg":"User 'zeppelin-sandbox' not allowed to impersonate 'Some(user1)'."}
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
    	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667)
    	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
    	at java.security.AccessController.doPrivileged(Native Method)
    	at javax.security.auth.Subject.doAs(Subject.java:360)
    	at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
    	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580)
    	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:407)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:193)
    	at org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:99)
    ```
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/zjffdu/zeppelin ZEPPELIN-2224

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2104.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2104
    
----
commit df49a2c399458668e7e104968a6cc2eeae980415
Author: Jeff Zhang <zj...@apache.org>
Date:   2017-03-07T07:02:37Z

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in livy interpreter

commit c9041ed07034422d4f0347841284cebb68bac608
Author: Jeff Zhang <zj...@apache.org>
Date:   2017-03-07T07:38:29Z

    code cleanup

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #2104: ZEPPELIN-2224. Throw more meaningful exception ...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/zeppelin/pull/2104


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin issue #2104: ZEPPELIN-2224. Throw more meaningful exception when ke...

Posted by zjffdu <gi...@git.apache.org>.

Github user zjffdu commented on the issue:

    https://github.com/apache/zeppelin/pull/2104
  
    @prabhjyotsingh @felixcheung Please help review


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---