You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Yusaku Sako (JIRA)" <ji...@apache.org> on 2017/03/20 21:53:42 UTC

[jira] [Updated] (AMBARI-19336) User should be prompted to enter valid workflow xml file name while Submit/Validate

     [ https://issues.apache.org/jira/browse/AMBARI-19336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yusaku Sako updated AMBARI-19336:
---------------------------------
    Reporter: Supreeth Sharma  (was: M Madhan Mohan Reddy)

> User should be prompted to enter valid workflow xml file name while Submit/Validate
> -----------------------------------------------------------------------------------
>
>                 Key: AMBARI-19336
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19336
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-views
>    Affects Versions: 2.5.0
>            Reporter: Supreeth Sharma
>            Assignee: M Madhan Mohan Reddy
>              Labels: WFD
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-19336_trunk.patch
>
>
> User should be prompted to enter valid workflow xml file name while Submit/Validate
> As of now user can provide any file name. Also user is not restricted even if he provides a directory structure.
> For example if user provides xml file as /tmp/testPath, a file 'testPath' is getting created under directory /tmp/
> This file has permission : '-rw-r--r--'
> Due to this restricted permission, below issues are faced :
> Issue 1 : User is not able to import the saved workflow.
> Issue 2 : From the dashboard, if user selects any instance of the workflow and decides to edit the workflow, user is shown with below error :
> {code}
> There is some problem while importing.Please try again. Hide Log
> org.apache.hadoop.security.AccessControlException: Permission denied: user=admin, access=EXECUTE, inode="/oozieex/mr-ex1/workflow.xml":admin:hadoop:-rw-r--r--
>     at sun.reflect.GeneratedConstructorAccessor263.newInstance(Unknown Source)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>     at org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:106)
>     at org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:95)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.toIOException(WebHdfsFileSystem.java:390)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.access$600(WebHdfsFileSystem.java:90)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.shouldRetry(WebHdfsFileSystem.java:661)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:627)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAs(Subject.java:422)
>     at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$UnresolvedUrlOpener.connect(WebHdfsFileSystem.java:1217)
>     at org.apache.hadoop.hdfs.web.ByteRangeInputStream.openInputStream(ByteRangeInputStream.java:121)
>     at org.apache.hadoop.hdfs.web.ByteRangeInputStream.getInputStream(ByteRangeInputStream.java:105)
>     at org.apache.hadoop.hdfs.web.ByteRangeInputStream.(ByteRangeInputStream.java:90)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$OffsetUrlInputStream.(WebHdfsFileSystem.java:1274)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.open(WebHdfsFileSystem.java:1188)
>     at org.apache.hadoop.fs.FileSystem.open(FileSystem.java:767)
>     at org.apache.ambari.view.utils.hdfs.HdfsApi$14.run(HdfsApi.java:324)
>     at org.apache.ambari.view.utils.hdfs.HdfsApi$14.run(HdfsApi.java:322)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAs(Subject.java:422)
>     at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>     at org.apache.ambari.view.utils.hdfs.HdfsApi.execute(HdfsApi.java:397)
>     at org.apache.ambari.view.utils.hdfs.HdfsApi.open(HdfsApi.java:322)
>     at org.apache.oozie.ambari.view.HDFSFileUtils.read(HDFSFileUtils.java:57)
>     at org.apache.oozie.ambari.view.WorkflowFilesService.readWorkflowXml(WorkflowFilesService.java:54)
>     at org.apache.oozie.ambari.view.OozieProxyImpersonator.readWorkflowXxml(OozieProxyImpersonator.java:400)
>     at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>     at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
>     at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>     at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>     at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
>     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1507)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:286)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.apache.ambari.server.security.authentication.AmbariDelegatingAuthenticationFilter.doFilter(AmbariDelegatingAuthenticationFilter.java:132)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.apache.ambari.server.security.authorization.AmbariUserAuthorizationFilter.doFilter(AmbariUserAuthorizationFilter.java:91)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.apache.ambari.server.api.MethodOverrideFilter.doFilter(MethodOverrideFilter.java:72)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.apache.ambari.server.api.AmbariPersistFilter.doFilter(AmbariPersistFilter.java:47)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.apache.ambari.server.view.AmbariViewsMDCLoggingFilter.doFilter(AmbariViewsMDCLoggingFilter.java:54)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.apache.ambari.server.view.ViewThrottleFilter.doFilter(ViewThrottleFilter.java:161)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.apache.ambari.server.security.AbstractSecurityHeaderFilter.doFilter(AbstractSecurityHeaderFilter.java:109)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.apache.ambari.server.security.AbstractSecurityHeaderFilter.doFilter(AbstractSecurityHeaderFilter.java:109)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
>     at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:294)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1478)
>     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
>     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
>     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:427)
>     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
>     at org.apache.ambari.server.controller.AmbariHandlerList.processHandlers(AmbariHandlerList.java:212)
>     at org.apache.ambari.server.controller.AmbariHandlerList.processHandlers(AmbariHandlerList.java:201)
>     at org.apache.ambari.server.controller.AmbariHandlerList.handle(AmbariHandlerList.java:139)
>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
>     at org.eclipse.jetty.server.Server.handle(Server.java:370)
>     at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
>     at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:973)
>     at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1035)
>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:641)
>     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:231)
>     at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=admin, access=EXECUTE, inode="/oozieex/mr-ex1/workflow.xml":admin:hadoop:-rw-r--r--
>     at org.apache.hadoop.hdfs.web.JsonUtil.toRemoteException(JsonUtil.java:112)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:358)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.access$200(WebHdfsFileSystem.java:90)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.connect(WebHdfsFileSystem.java:534)
>     at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:610)
> 	... 119 more
> {code}
>  



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)