[
https://issues.apache.org/jira/browse/HADOOP-16958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082663#comment-17082663
]
Hudson commented on HADOOP-16958:
---------------------------------
SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #18139 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/18139/])
HADOOP-16958. NPE when hadoop.security.authorization is enabled but the
(ayushsaxena: rev 3edbe8708a80128d2aeae20582866536a6b56f6b)
* (edit)
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/ZKFCRpcServer.java
* (edit)
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/TestZKFailoverController.java
> NPE when hadoop.security.authorization is enabled but the input
> PolicyProvider for ZKFCRpcServer is NULL
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-16958
> URL: https://issues.apache.org/jira/browse/HADOOP-16958
> Project: Hadoop Common
> Issue Type: Bug
> Components: common, ha
> Affects Versions: 3.2.1
> Reporter: Ctest
> Assignee: Ctest
> Priority: Critical
> Fix For: 3.4.0
>
> Attachments: HADOOP-16958.000.patch, HADOOP-16958.001.patch,
> HADOOP-16958.002.patch, HADOOP-16958.003.patch, HADOOP-16958.004.patch
>
>
> During initialization, ZKFCRpcServer refreshes the service authorization ACL
> for the service handled by this server if config
> hadoop.security.authorization is enabled, by calling refreshServiceAcl with
> the input PolicyProvider and Configuration.
> {code:java}
> ZKFCRpcServer(Configuration conf,
> InetSocketAddress bindAddr,
> ZKFailoverController zkfc,
> PolicyProvider policy) throws IOException {
> this.server = ...
>
> // set service-level authorization security policy
> if (conf.getBoolean(
> CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
> server.refreshServiceAcl(conf, policy);
> }
> }{code}
> refreshServiceAcl calls
> ServiceAuthorizationManager#refreshWithLoadedConfiguration which directly
> gets services from the provider with provider.getServices(). When the
> provider is NULL, the code throws NPE without an informative message. In
> addition, the default value of config
> `hadoop.security.authorization.policyprovider` (which controls PolicyProvider
> here) is NULL and the only usage of ZKFCRpcServer initializer provides only
> an abstract method getPolicyProvider which does not enforce that
> PolicyProvider should not be NULL.
> The suggestion here is to either add a guard check or exception handling with
> an informative logging message on ZKFCRpcServer to handle input
> PolicyProvider being NULL.
>
> I am very happy to provide a patch for it if the issue is confirmed :)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
