[
https://issues.apache.org/jira/browse/FALCON-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13917098#comment-13917098
]
Srikanth Sundarrajan commented on FALCON-326:
---------------------------------------------
On second thoughts, it is better to stay the way it is, as even in simple mode
proxying user is possible. As [~svenkat] has pointed out already, FALCON-11 has
already been marked as incompatible due to change in user blacklisting behavior
We should include another item to that stating the requirement to create the
proxy config in both Oozie & hadoop with this version of Falcon. It might be
useful to create a top level INCOMPATIBLE-CHANGES.txt in the repo to keep track
of this. This would be useful to publish along with the next release.
> Falcon not returning ProxyOozieClient for Simple Authentication
> ----------------------------------------------------------------
>
> Key: FALCON-326
> URL: https://issues.apache.org/jira/browse/FALCON-326
> Project: Falcon
> Issue Type: Bug
> Components: common
> Environment: QA InMobi
> Reporter: Samarth Gupta
> Assignee: Srikanth Sundarrajan
> Priority: Blocker
>
> After the security patch been merged as per JIRA
> https://issues.apache.org/jira/browse/FALCON-16
> Changes are not backward compatible since same setup worked perfectly fine
> with old falcon builds before security patch.
> all submit / schedule request are failing in distributed mode, when falcon is
> being started with default "*.falcon.http.authentication.type=simple"
> The reason being falcon returns ProxyOozieClient for both simple and kerberos
> mode.
> error on submit entity :
> {code}
> 2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-]
> APP[-] JOB[-] ACTION[-] URL[GET
> http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth]
> error, User [samarth] not defined as proxyuser
> java.security.AccessControlException: User [samarth] not defined as proxyuser
> at
> org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148)
> at
> org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553)
> at
> org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
> at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:701)
> {code}
> even if we bypass the above error by hardcoding the remote user, following
> error comes in schedule:
> {code}
> 014-02-28 12:24:23,323 ERROR -
> [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
> b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason
> (FalconWebException:39)
> org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth]
> not defined as proxyuser
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107)
> at
> org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68)
> at
> org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57)
> at
> org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
> at
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
> at
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> at
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
> at
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
> at
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
> at
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
> at
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
> at
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
> at
> org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
> at
> org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at
> org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> at
> org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193)
> ... 46 more
> Caused by: E1400 : User [samarth] not defined as proxyuser
> at
> org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508)
> at
> org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186)
> at
> org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165)
> at
> org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479)
> at
> org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518)
> at
> org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48)
> at
> org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555)
> at
> org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553)
> at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
> at
> org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553)
> ... 47 more
> 2014-02-28 12:24:23,325 ERROR -
> [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
> b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request
> Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> (FalconWebException:58)
> {code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
