[ https://issues.apache.org/jira/browse/HADOOP-16958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ctest updated HADOOP-16958: --------------------------- Flags: Patch > NullPointerException(NPE) when hadoop.security.authorization is enabled but > the input PolicyProvider for ZKFCRpcServer is NULL > ------------------------------------------------------------------------------------------------------------------------------ > > Key: HADOOP-16958 > URL: https://issues.apache.org/jira/browse/HADOOP-16958 > Project: Hadoop Common > Issue Type: Bug > Components: common, ha > Affects Versions: 3.2.1 > Reporter: Ctest > Priority: Critical > Attachments: HADOOP-16958.000.patch > > > During initialization, ZKFCRpcServer refreshes the service authorization ACL > for the service handled by this server if config > hadoop.security.authorization is enabled, by calling refreshServiceAcl with > the input PolicyProvider and Configuration. > {code:java} > ZKFCRpcServer(Configuration conf, > InetSocketAddress bindAddr, > ZKFailoverController zkfc, > PolicyProvider policy) throws IOException { > this.server = ... > > // set service-level authorization security policy > if (conf.getBoolean( > CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) { > server.refreshServiceAcl(conf, policy); > } > }{code} > refreshServiceAcl calls > ServiceAuthorizationManager#refreshWithLoadedConfiguration which directly > gets services from the provider with provider.getServices(). When the > provider is NULL, the code throws NPE without an informative message. In > addition, the default value of config > `hadoop.security.authorization.policyprovider` (which controls PolicyProvider > here) is NULL and the only usage of ZKFCRpcServer initializer provides only > an abstract method getPolicyProvider which does not enforce that > PolicyProvider should not be NULL. > The suggestion here is to either add a guard check or exception handling with > an informative logging message on ZKFCRpcServer to handle input > PolicyProvider being NULL. > > I am very happy to provide a patch for it if the issue is confirmed :) -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org