You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2012/07/05 19:23:58 UTC
svn commit: r1357751 -
/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
Author: apurtell
Date: Thu Jul 5 17:23:58 2012
New Revision: 1357751
URL: http://svn.apache.org/viewvc?rev=1357751&view=rev
Log:
HBASE-6314. Fast fail behavior for unauthenticated user (Himanshu Vashishtha)
Modified:
hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java?rev=1357751&r1=1357750&r2=1357751&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java Thu Jul 5 17:23:58 2012
@@ -40,6 +40,7 @@ import org.apache.hadoop.security.token.
import org.apache.hadoop.util.ReflectionUtils;
import javax.net.SocketFactory;
+import javax.security.sasl.SaslException;
import java.io.*;
import java.net.*;
import java.security.PrivilegedExceptionAction;
@@ -185,6 +186,14 @@ public class SecureClient extends HBaseC
* again.
* The other problem is to do with ticket expiry. To handle that,
* a relogin is attempted.
+ * <p>
+ * The retry logic is governed by the {@link #shouldAuthenticateOverKrb}
+ * method. In case when the user doesn't have valid credentials, we don't
+ * need to retry (from cache or ticket). In such cases, it is prudent to
+ * throw a runtime exception when we receive a SaslException from the
+ * underlying authentication implementation, so there is no retry from
+ * other high level (for eg, HCM or HBaseAdmin).
+ * </p>
*/
private synchronized void handleSaslConnectionFailure(
final int currRetries,
@@ -222,8 +231,16 @@ public class SecureClient extends HBaseC
LOG.warn("Exception encountered while connecting to " +
"the server : " + ex);
}
- if (ex instanceof RemoteException)
+ if (ex instanceof RemoteException) {
throw (RemoteException)ex;
+ }
+ if (ex instanceof SaslException) {
+ String msg = "SASL authentication failed." +
+ " The most likely cause is missing or invalid credentials." +
+ " Consider 'kinit'.";
+ LOG.fatal(msg, ex);
+ throw new RuntimeException(msg, ex);
+ }
throw new IOException(ex);
}
});