You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Ctest (Jira)" <ji...@apache.org> on 2020/04/06 06:53:00 UTC

[jira] [Created] (HADOOP-16958) Adding guard checking or exception handling when `hadoop.security.authorization` is enabled but the input PolicyProvider for ZKFCRpcServer is `NULL`

Ctest created HADOOP-16958:
------------------------------

             Summary: Adding guard checking or exception handling when `hadoop.security.authorization` is enabled but the input PolicyProvider for ZKFCRpcServer is `NULL`
                 Key: HADOOP-16958
                 URL: https://issues.apache.org/jira/browse/HADOOP-16958
             Project: Hadoop Common
          Issue Type: Bug
          Components: common, ha
    Affects Versions: 3.2.1
            Reporter: Ctest


During initialization, ZKFCRpcServer refreshes the service authorization ACL for the service handled by this server if config hadoop.security.authorization is enabled, by calling refreshServiceAcl with the input PolicyProvider and Configuration.
{code:java}
ZKFCRpcServer(Configuration conf,
 InetSocketAddress bindAddr,
 ZKFailoverController zkfc,
 PolicyProvider policy) throws IOException {
 this.server = ...
 
 // set service-level authorization security policy
 if (conf.getBoolean(
 CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
 server.refreshServiceAcl(conf, policy);
 }
}{code}

refreshServiceAcl calls ServiceAuthorizationManager#refreshWithLoadedConfiguration which directly gets services from the provider with provider.getServices(). When the provider is NULL, the code throws NPE without an informative message. In addition, the default value of config `hadoop.security.authorization.policyprovider` (which controls PolicyProvider here) is NULL and the only usage of ZKFCRpcServer initializer provides only an abstract method getPolicyProvider which does not enforce that PolicyProvider should not be NULL.

The suggestion here is to either add a guard check or exception handling with an informative logging message on ZKFCRpcServer to handle input PolicyProvider being NULL.

 

I am very happy to provide a patch for it if the issue is confirmed :)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org