sodonnel commented on a change in pull request #3579:
URL: https://github.com/apache/hadoop/pull/3579#discussion_r734609777
##########
File path:
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
##########
@@ -909,6 +898,35 @@ public AuthMethod run()
connectingThread.set(null);
}
}
+
+ private void setFallBackToSimpleAuth(AtomicBoolean fallbackToSimpleAuth)
+ throws IOException {
+ if (fallbackToSimpleAuth == null) {
+ LOG.trace("Connection {} skips setting fallbackToSimpleAuth as it is
null.", remoteId);
+ return;
+ }
+ if (authMethod == null) {
+ // setupIOStreams() will set up authMethod first, then call this
method again.
+ return;
+ }
+ LOG.trace(
+ "Setting fallbackToSimpleAuth. AuthMethod is {}. Fallback allowed by
configuration: {}. "
+ + "Security is {}.",
+ authMethod, fallbackAllowed,
+ UserGroupInformation.isSecurityEnabled() ? "enabled" : "disabled");
+ if (authMethod != AuthMethod.SIMPLE) {
+ LOG.trace("Disabling fallbackToSimpleAuth target does not require
SIMPLE authentication.");
+ fallbackToSimpleAuth.set(false);
+ } else if (UserGroupInformation.isSecurityEnabled()) {
+ if (!fallbackAllowed) {
+ throw new IOException("Server asks us to fall back to SIMPLE auth,
but this client is "
Review comment:
Should we throw AccessControlException here rather than IOE, as that is
what the original code did?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
