GitHub user zjffdu reopened a pull request:

    https://github.com/apache/zeppelin/pull/2104

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in 
livy interpreter

    ### What is this PR for?
    In kerberos enviroment, user would get the following exception is 
impersonation configuration is not correctly. This is not so useful for users. 
This PR would print more meaning exception for users. 
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at 
    
org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
 at 
    
org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667)
 at 
    
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
 at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
 at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
 at java.security.AccessController.doPrivileged(Native Method) at 
    javax.security.auth.Subject.doAs(Subject.java:360) at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
 at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) 
at 
    org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498) 
at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406)
 at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192)
 at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98)
 at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80)
 at 
    
org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    * [ ] - Task
    
    ### What is the Jira issue?
    * https://issues.apache.org/jira/browse/ZEPPELIN-2224
    
    ### How should this be tested?
    Tested manually in secured cluster.
    
    ### Screenshots (if appropriate)
    
    Before this PR
    
    
    ```
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden at 
    
org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
 at 
    
org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667)
 at 
    
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620) at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
 at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
 at 
org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
 at java.security.AccessController.doPrivileged(Native Method) at 
    javax.security.auth.Subject.doAs(Subject.java:360) at 
    
org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
 at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580) 
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498) 
at 
org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:406)
 at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:192)
 at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:98)
 at 
    
org.apache.zeppelin.livy.BaseLivyInterprereter.open(BaseLivyInterprereter.java:80)
 at 
    
org.apache.zeppelin.interpreter.LazyOpenInterpreter.open(LazyOpenInterpreter.java:69)
    ```
    
    After this PR
    ```
    org.apache.zeppelin.livy.LivyException: {"msg":"User 'zeppelin-sandbox' not 
allowed to impersonate 'Some(user1)'."}
    org.springframework.web.client.HttpClientErrorException: 403 Forbidden
        at 
org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
        at 
org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667)
        at 
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:620)
        at 
org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
        at 
org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
        at 
org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at 
org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
        at 
org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580)
        at 
org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498)
        at 
org.apache.zeppelin.livy.BaseLivyInterprereter.callRestAPI(BaseLivyInterprereter.java:407)
        at 
org.apache.zeppelin.livy.BaseLivyInterprereter.createSession(BaseLivyInterprereter.java:193)
        at 
org.apache.zeppelin.livy.BaseLivyInterprereter.initLivySession(BaseLivyInterprereter.java:99)
    ```
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/zjffdu/zeppelin ZEPPELIN-2224

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2104.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2104
    
----
commit df49a2c399458668e7e104968a6cc2eeae980415
Author: Jeff Zhang <zjf...@apache.org>
Date:   2017-03-07T07:02:37Z

    ZEPPELIN-2224. Throw more meaningful exception when kerberos is enabled in 
livy interpreter

commit c9041ed07034422d4f0347841284cebb68bac608
Author: Jeff Zhang <zjf...@apache.org>
Date:   2017-03-07T07:38:29Z

    code cleanup

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to