Posted to common-issues@hadoop.apache.org by "Brahma Reddy Battula (Jira)" <ji...@apache.org> on 2020/04/09 18:50:01 UTC
[jira] [Updated] (HADOOP-14265) AuthenticatedURL swallows the exception received from server.
[ https://issues.apache.org/jira/browse/HADOOP-14265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brahma Reddy Battula updated HADOOP-14265:
------------------------------------------
Target Version/s: 3.4.0 (was: 3.3.0)
Bulk update: moved all 3.3.0 non-blocker issues, please move back if it is a blocker.
> AuthenticatedURL swallows the exception received from server.
> -------------------------------------------------------------
>
> Key: HADOOP-14265
> URL: https://issues.apache.org/jira/browse/HADOOP-14265
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Rushabh Shah
> Assignee: Rushabh Shah
> Priority: Major
>
> While debugging an issue with the kms server, we found out that AuthenticatedURL swallows the original exception from the server and constructs an {{AuthenticationException}} with the response code and response message.
> Below is the stack trace which didn't help in figuring out why the getDelegationTokens call failed.
> Due to lack of info logs on the kms server side also, this made the debugging even harder.
> {noformat}
> 2017-03-23 16:32:10,364 ERROR [HiveServer2-Background-Pool: Thread-17795] [] exec.Task (TezTask.java:execute(197)) - Failed to execute tez graph.
> java.io.IOException: java.lang.reflect.UndeclaredThrowableException
> at org.apache.hadoop.crypto.key.kms.KMSClientProvider.addDelegationTokens(KMSClientProvider.java:1042)
> at org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.addDelegationTokens(KeyProviderDelegationTokenExtension.java:110)
> at org.apache.hadoop.hdfs.DistributedFileSystem.addDelegationTokens(DistributedFileSystem.java:2444)
> at org.apache.tez.common.security.TokenCache.obtainTokensForFileSystemsInternal(TokenCache.java:107)
> at org.apache.tez.common.security.TokenCache.obtainTokensForFileSystemsInternal(TokenCache.java:86)
> at org.apache.tez.common.security.TokenCache.obtainTokensForFileSystems(TokenCache.java:76)
> at org.apache.tez.client.TezClientUtils.addLocalResources(TezClientUtils.java:301)
> at org.apache.tez.client.TezClientUtils.setupTezJarsLocalResources(TezClientUtils.java:180)
> at org.apache.tez.client.TezClient.getTezJarResources(TezClient.java:911)
> ...
> Caused by: java.lang.reflect.UndeclaredThrowableException
> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1954)
> at org.apache.hadoop.crypto.key.kms.KMSClientProvider.addDelegationTokens(KMSClientProvider.java:1023)
> ... 31 more
> Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, status: 403, message: Forbidden
> at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:275)
> at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:132)
> at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:214)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:132)
> at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:215)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:298)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.getDelegationToken(DelegationTokenAuthenticator.java:170)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.getDelegationToken(DelegationTokenAuthenticatedURL.java:377)
> at org.apache.hadoop.crypto.key.kms.KMSClientProvider$5.run(KMSClientProvider.java:1028)
> at org.apache.hadoop.crypto.key.kms.KMSClientProvider$5.run(KMSClientProvider.java:1023)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1936)
> ... 32 more
> {noformat}
> Following is the relevant chunk of code from branch-2.8 but the code in trunk hasn't changed much.
> {code:title=AuthenticatedURL.java|borderStyle=solid}
>   public static void extractToken(HttpURLConnection conn, Token token) throws IOException, AuthenticationException {
>     int respCode = conn.getResponseCode();
>     if (notExpectedResponseCode) {
>     } else {
>       token.set(null);
>       throw new AuthenticationException("Authentication failed, status: " + conn.getResponseCode() + ", message: " + conn.getResponseMessage());
>     }
>   }
> {code}
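The failure mode described in the issue, with one way to keep the server's explanation, as an added example: this is not Hadoop's code and not the patch for HADOOP-14265. The class `PreserveServerError`, the helpers `readErrorBody` and `failWithServerDetail`, the `MAX_BODY` cap, the stand-in `AuthenticationException` and the local test server are all hypothetical; Java 11 or later is assumed. Because the error body is untrusted server text that will end up in client logs, it is length-capped and stripped of control characters before it is attached.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class PreserveServerError {
  // Hypothetical stand-in for Hadoop's AuthenticationException (keeps the example self-contained).
  static class AuthenticationException extends Exception {
    AuthenticationException(String msg) { super(msg); }
  }
  static final int MAX_BODY = 4096; // assumed cap on untrusted server text

  // Read a bounded amount of the error body; replace control characters so
  // a server-supplied string cannot forge extra lines in the client log.
  static String readErrorBody(HttpURLConnection conn) {
    try (InputStream err = conn.getErrorStream()) {
      if (err == null) return "";
      String body = new String(err.readNBytes(MAX_BODY), StandardCharsets.UTF_8);
      return body.replaceAll("\\p{Cntrl}", " ").trim();
    } catch (IOException e) {
      return "<error body unreadable>";
    }
  }

  // Same message shape as in the issue, plus whatever the server sent back.
  static void failWithServerDetail(HttpURLConnection conn)
      throws IOException, AuthenticationException {
    int code = conn.getResponseCode();
    String body = readErrorBody(conn);
    throw new AuthenticationException("Authentication failed, status: " + code
        + ", message: " + conn.getResponseMessage()
        + (body.isEmpty() ? "" : ", server response: " + body));
  }

  public static void main(String[] args) throws Exception {
    // Constructed local server: always answers 403 with a reason in the body.
    HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
    server.createContext("/", ex -> {
      byte[] b = "constructed sample: reason text\nsent by the server".getBytes(StandardCharsets.UTF_8);
      ex.sendResponseHeaders(403, b.length);
      ex.getResponseBody().write(b);
      ex.close();
    });
    server.start();
    try {
      URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/");
      HttpURLConnection conn = (HttpURLConnection) url.openConnection();
      if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) failWithServerDetail(conn);
    } catch (AuthenticationException e) {
      System.out.println(e.getMessage());
    } finally { server.stop(0); }
  }
}
```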