Posted to commits@hbase.apache.org by ap...@apache.org on 2012/07/05 19:23:58 UTC

svn commit: r1357751 - /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java

Author: apurtell
Date: Thu Jul  5 17:23:58 2012
New Revision: 1357751

URL: http://svn.apache.org/viewvc?rev=1357751&view=rev
Log:
HBASE-6314. Fast fail behavior for unauthenticated user (Himanshu Vashishtha)

Modified:
    hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java

Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java?rev=1357751&r1=1357750&r2=1357751&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java Thu Jul  5 17:23:58 2012
@@ -40,6 +40,7 @@ import org.apache.hadoop.security.token.
 import org.apache.hadoop.util.ReflectionUtils;
 
 import javax.net.SocketFactory;
+import javax.security.sasl.SaslException;
 import java.io.*;
 import java.net.*;
 import java.security.PrivilegedExceptionAction;
@@ -185,6 +186,14 @@ public class SecureClient extends HBaseC
      * again.
      * The other problem is to do with ticket expiry. To handle that,
      * a relogin is attempted.
+     * <p>
+     * The retry logic is governed by the {@link #shouldAuthenticateOverKrb}
+     * method. In case when the user doesn't have valid credentials, we don't
+     * need to retry (from cache or ticket). In such cases, it is prudent to
+     * throw a runtime exception when we receive a SaslException from the
+     * underlying authentication implementation, so there is no retry from 
+     * other high level (for eg, HCM or HBaseAdmin).
+     * </p>
      */
     private synchronized void handleSaslConnectionFailure(
         final int currRetries,
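Review bot: The added Javadoc paragraph documents the new unchecked exception only in prose, so callers have no tag to find the contract change. Assuming the exception propagates out of this method, a line such as `@throws RuntimeException if the connection failure is a SaslException` would make it explicit. The paragraph also ties the behaviour to a user without valid credentials, while the trigger it describes is any SaslException; wording such as "typically because the user has no valid credentials" would avoid overstating the cause. The method's signature and body continue outside this hunk.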
@@ -222,8 +231,16 @@ public class SecureClient extends HBaseC
             LOG.warn("Exception encountered while connecting to " +
                 "the server : " + ex);
           }
-          if (ex instanceof RemoteException)
+          if (ex instanceof RemoteException) {
             throw (RemoteException)ex;
+          }
+          if (ex instanceof SaslException) {
+            String msg = "SASL authentication failed." +
+              " The most likely cause is missing or invalid credentials." +
+              " Consider 'kinit'.";
+            LOG.fatal(msg, ex);
+            throw new RuntimeException(msg, ex);
+          }
           throw new IOException(ex);
         }
       });
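Review bot: The new `ex instanceof SaslException` branch throws a bare `RuntimeException`, so higher layers have no type to catch that separates an authentication failure from any other unchecked error. A dedicated unchecked exception type, documented on the method, would make the fast-fail path deliberate for callers. The fixed message also attributes every SaslException to missing credentials even though the cause is never inspected. `LOG.fatal(msg, ex)` followed by the throw reports the same failure twice at the highest severity from client code; `LOG.error(msg, ex);` or leaving the logging to the caller keeps authentication failures visible to operators without diluting real fatal events. The check looks only at the top-level exception, so a SaslException wrapped by a lower layer would presumably still reach `throw new IOException(ex)` and be retried; the enclosing run() body starts outside this hunk, so that cannot be confirmed from here.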