You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/08/19 08:07:00 UTC

[jira] [Updated] (HDDS-7139) INVALID_TOKEN is handled as internal error in S3G

     [ https://issues.apache.org/jira/browse/HDDS-7139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated HDDS-7139:
---------------------------------
    Labels: pull-request-available  (was: )

> INVALID_TOKEN is handled as internal error in S3G
> -------------------------------------------------
>
>                 Key: HDDS-7139
>                 URL: https://issues.apache.org/jira/browse/HDDS-7139
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: S3
>            Reporter: Attila Doroszlai
>            Assignee: Attila Doroszlai
>            Priority: Major
>              Labels: pull-request-available
>
> Providing wrong signature (authentication) for S3 request should result in access denied (403), but currently it results in server error (500) instead:
> {code}
> $ kinit -kt /etc/security/keytabs/scm.keytab scm/scm@EXAMPLE.COM
> $ ozone sh bucket create /s3v/bucket
> $ ozone sh key put /s3v/bucket/passwd /etc/passwd
> $ curl -i -X GET 'http://s3g:9878/bucket/passwd' -H 'Authorization: AWS scm/scm@EXAMPLE.COM:asdfqwerty'
> HTTP/1.1 500 Server Error
> ...
> {code}
> Server-side log:
> {noformat}
> s3g_1       | 2022-08-18 17:58:41,466 [qtp1178587240-20] WARN server.HttpChannelState: unhandled due to prior sendError
> s3g_1       | javax.servlet.ServletException: javax.servlet.ServletException: org.glassfish.jersey.server.ContainerException: INVALID_TOKEN org.apache.hadoop.ozone.om.exceptions.OMException: User scm/scm@EXAMPLE.COM request authorization failure: signatures do NOT match
> ...
> s3g_1       | Caused by: INVALID_TOKEN org.apache.hadoop.ozone.om.exceptions.OMException: User scm/scm@EXAMPLE.COM request authorization failure: signatures do NOT match
> s3g_1       | 	at org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.handleError(OzoneManagerProtocolClientSideTranslatorPB.java:696)
> s3g_1       | 	at org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.getS3VolumeContext(OzoneManagerProtocolClientSideTranslatorPB.java:1205)
> s3g_1       | 	at org.apache.hadoop.ozone.client.rpc.RpcClient.getS3VolumeContext(RpcClient.java:510)
> s3g_1       | 	at org.apache.hadoop.ozone.client.ObjectStore.getS3Volume(ObjectStore.java:167)
> s3g_1       | 	at org.apache.hadoop.ozone.s3.endpoint.EndpointBase.getVolume(EndpointBase.java:133)
> s3g_1       | 	at org.apache.hadoop.ozone.s3.endpoint.ObjectEndpoint.get(ObjectEndpoint.java:289)
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org