[jira] [Updated] (HADOOP-16958) NPE when hadoop.security.authorization is enabled but the input PolicyProvider for ZKFCRpcServer is NULL

[Ayush Saxena (Jira)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-16958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ayush Saxena updated HADOOP-16958:
----------------------------------
    Fix Version/s: 3.4.0
     Hadoop Flags: Reviewed
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> NPE when hadoop.security.authorization is enabled but the input 
> PolicyProvider for ZKFCRpcServer is NULL
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-16958
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16958
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: common, ha
>    Affects Versions: 3.2.1
>            Reporter: Ctest
>            Assignee: Ctest
>            Priority: Critical
>             Fix For: 3.4.0
>
>         Attachments: HADOOP-16958.000.patch, HADOOP-16958.001.patch, 
> HADOOP-16958.002.patch, HADOOP-16958.003.patch, HADOOP-16958.004.patch
>
>
> During initialization, ZKFCRpcServer refreshes the service authorization ACL 
> for the service handled by this server if config 
> hadoop.security.authorization is enabled, by calling refreshServiceAcl with 
> the input PolicyProvider and Configuration.
> {code:java}
> ZKFCRpcServer(Configuration conf,
>  InetSocketAddress bindAddr,
>  ZKFailoverController zkfc,
>  PolicyProvider policy) throws IOException {
>  this.server = ...
>  
>  // set service-level authorization security policy
>  if (conf.getBoolean(
>  CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
>  server.refreshServiceAcl(conf, policy);
>  }
> }{code}
> refreshServiceAcl calls 
> ServiceAuthorizationManager#refreshWithLoadedConfiguration which directly 
> gets services from the provider with provider.getServices(). When the 
> provider is NULL, the code throws NPE without an informative message. In 
> addition, the default value of config 
> `hadoop.security.authorization.policyprovider` (which controls PolicyProvider 
> here) is NULL and the only usage of ZKFCRpcServer initializer provides only 
> an abstract method getPolicyProvider which does not enforce that 
> PolicyProvider should not be NULL.
> The suggestion here is to either add a guard check or exception handling with 
> an informative logging message on ZKFCRpcServer to handle input 
> PolicyProvider being NULL.
>  
> I am very happy to provide a patch for it if the issue is confirmed :)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org