[
https://issues.apache.org/jira/browse/HADOOP-15808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636928#comment-16636928
]
Steve Loughran commented on HADOOP-15808:
-----------------------------------------
Checkstyle is minor, test failure not.
{code}
[ERROR] TestSaslRPC.testKerberosServer:692->assertAuthEquals:929
[ERROR] TestSaslRPC.testKerberosServer:692->assertAuthEquals:929
[ERROR] TestSaslRPC.testKerberosServer:692->assertAuthEquals:929
[ERROR] TestSaslRPC.testKerberosServer:692->assertAuthEquals:929
[ERROR] TestSaslRPC.testKerberosServer:692->assertAuthEquals:929
[ERROR] TestSaslRPC.testNoClientFallbackToSimple:575->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testNoClientFallbackToSimple:575->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testNoClientFallbackToSimple:575->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testNoClientFallbackToSimple:575->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testNoClientFallbackToSimple:575->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServerWithTokens:622->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServerWithTokens:622->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServerWithTokens:622->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServerWithTokens:622->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServerWithTokens:622->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServer:563->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServer:563->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServer:563->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServer:563->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testSimpleServer:563->assertAuthEquals:923
expected:<[SIMPLE]> but was:<[java.lang.IllegalStateException: Unknown/Unloaded
token identifier for token kind ]>
[ERROR] TestSaslRPC.testTokenOnlyServer:661->assertAuthEquals:929
[ERROR] TestSaslRPC.testTokenOnlyServer:661->assertAuthEquals:929
[ERROR] TestSaslRPC.testTokenOnlyServer:661->assertAuthEquals:929
[ERROR] TestSaslRPC.testTokenOnlyServer:661->assertAuthEquals:929
[ERROR] TestSaslRPC.testTokenOnlyServer:661->assertAuthEquals:929
{code}
I'm going to conclude that making the existing token check code check for
null-nes breaks those few bits of code which actually expect it, and that a
stricter method is going to have to go in, even if it's just some utility
wrapper we can put around 95% of uses of decodeIdentifier in the hadoop code
itself
> Harden Token service loader use
> -------------------------------
>
> Key: HADOOP-15808
> URL: https://issues.apache.org/jira/browse/HADOOP-15808
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.9.1, 3.1.2
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Attachments: HADOOP-15808-001.patch
>
>
> The Hadoop token service loading (identifiers, renewers...) works provided
> there's no problems loading any registered implementation. If there's a
> classloading or classcasting problem, the exception raised will stop all
> token support working; possibly the application not starting.
> This matters for S3A/HADOOP-14556 as things may not load if aws-sdk isn't on
> the classpath. It probably lurks in the wasb/abfs support too, but things
> have worked there because the installations with DT support there have always
> had correctly set up classpaths.
> Fix: do what we did for the FS service loader. Catch failures to instantiate
> a service provider impl and skip it
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
