You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2012/04/08 01:17:46 UTC
svn commit: r1310916 - in /hbase/branches/0.92: CHANGES.txt
security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
Author: stack
Date: Sat Apr 7 23:17:45 2012
New Revision: 1310916
URL: http://svn.apache.org/viewvc?rev=1310916&view=rev
Log:
HBASE-5735 Clearer warning message when connecting a non-secure HBase client to a secure HBase server
Modified:
hbase/branches/0.92/CHANGES.txt
hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
Modified: hbase/branches/0.92/CHANGES.txt
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/CHANGES.txt?rev=1310916&r1=1310915&r2=1310916&view=diff
==============================================================================
--- hbase/branches/0.92/CHANGES.txt (original)
+++ hbase/branches/0.92/CHANGES.txt Sat Apr 7 23:17:45 2012
@@ -28,6 +28,8 @@ Release 0.92.2 - Unreleased
HBASE-5724 Row cache of KeyValue should be cleared in readFields().
(Teruyoshi Zenmyo)
HBASE-5680 Improve compatibilty warning about HBase with Hadoop 0.23.x
+ HBASE-5735 Clearer warning message when connecting a non-secure HBase client to a
+ secure HBase server (Shaneal Manek)
IMPROVEMENTS
HBASE-5592 Make it easier to get a table from shell (Ben West)
Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1310916&r1=1310915&r2=1310916&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Sat Apr 7 23:17:45 2012
@@ -47,6 +47,8 @@ import org.apache.hadoop.security.token.
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.StringUtils;
+import com.google.common.collect.ImmutableSet;
+
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
@@ -83,6 +85,7 @@ public abstract class SecureServer exten
// 3 : Introduce the protocol into the RPC connection header
// 4 : Introduced SASL security layer
public static final byte CURRENT_VERSION = 4;
+ public static final Set<Byte> INSECURE_VERSIONS = ImmutableSet.of((byte) 3);
public static final Log LOG = LogFactory.getLog("org.apache.hadoop.ipc.SecureServer");
private static final Log AUDITLOG =
@@ -400,10 +403,17 @@ public abstract class SecureServer exten
dataLengthBuffer.flip();
if (!HEADER.equals(dataLengthBuffer) || version != CURRENT_VERSION) {
//Warning is ok since this is not supposed to happen.
- LOG.warn("Incorrect header or version mismatch from " +
- hostAddress + ":" + remotePort +
- " got version " + version +
- " expected version " + CURRENT_VERSION);
+ if (INSECURE_VERSIONS.contains(version)) {
+ LOG.warn("An insecure client (version '" + version + "') is attempting to connect " +
+ " to this version '" + CURRENT_VERSION + "' secure server from " +
+ hostAddress + ":" + remotePort);
+ } else {
+ LOG.warn("Incorrect header or version mismatch from " +
+ hostAddress + ":" + remotePort +
+ " got version " + version +
+ " expected version " + CURRENT_VERSION);
+ }
+
return -1;
}
dataLengthBuffer.clear();