Re: [PR] HIVE-28594: Handle the issue on HS2 WebUI's LDAP authentication [hive]

[via GitHub]

dengzhhu653 commented on PR #5561:
URL: https://github.com/apache/hive/pull/5561#issuecomment-2505217417

   > Hi @dengzhhu653, Thanks for fixing this issue. I tested this commit 
downstream on a cloud env. Backported on downstream, built and deployed custom 
jars to a cloud env. Unfortunately the WebUI wasn't working. When tried to open 
the Web UI in a browser, it wasn't able to open the Login page and the 
following error was found in HS2 log:
   > 
   > ```
   > │ <11>1 2024-11-28T01:31:29.868Z hiveserver2-0 hiveserver2 1 
7c0d2086-7607-4aff-90df-2359368191dd [mdc@38374 class="ldap.LdapAuthService" 
level="ERROR" thread="hiveserver2-web-84"] Error in authenticating HTTP 
request\rorg.apache.hive.service.auth.ldap.HttpEmptyAuthenticationExc │
   > │ eption: Authorization header received from the client is empty.\r    at 
org.apache.hive.service.auth.HttpAuthService.getAuthHeader(HttpAuthService.java:238)\r
    at 
org.apache.hive.service.auth.HttpAuthService.getAuthHeaderDecodedString(HttpAuthService.java:217)\r
    at org.ap │
   > │ 
ache.hive.service.auth.HttpAuthService.getUsername(HttpAuthService.java:188)\r  
  at 
org.apache.hive.service.auth.ldap.LdapAuthService.authenticate(LdapAuthService.java:65)\r
    at 
org.apache.hive.service.servlet.LDAPAuthenticationFilter.doFilter(LDAPAuthenticationFilter.java:
 │
   > │ 49)\r    at 
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)\r    at 
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)\r
    at 
org.apache.hive.http.HttpServer$QuotingInputFilter.doFilter(HttpServer.java:999)\r
    at org.ecl │
   > │ ipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)\r    at 
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)\r
    at 
org.apache.hadoop.security.http.CrossOriginFilter.doFilter(CrossOriginFilter.java:98)\r
    at org.eclipse.jetty.ser │
   > │ vlet.FilterHolder.doFilter(FilterHolder.java:193)\r    at 
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)\r
    at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552)\r    
at org.eclipse.jetty.server.handler.ScopedHandler │
   > │ .handle(ScopedHandler.java:143)\r    at 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)\r   
 at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\r
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedH │
   > │ andler.java:235)\r    at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\r
    at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\r
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler │
   > │ .java:1440)\r    at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\r
    at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\r    
at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\r
    │
   > │  at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\r
    at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\r
    at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\r 
   at org.ecli │
   > │ 
pse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\r    at 
org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322)\r
    at 
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)\r
    at  │
   > │ 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\r
    at org.eclipse.jetty.server.Server.handle(Server.java:516)\r    at 
org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\r    
at org.eclipse.jetty.server.HttpChannel.dispa │
   > │ tch(HttpChannel.java:732)\r    at 
org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\r    at 
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\r   
 at 
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.jav
 │
   > │ a:311)\r    at 
org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\r    at 
org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\r    at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)\r
    at org.eclipse.jett │
   > │ 
y.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)\r    
at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)\r
    at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)\r
    at org.ecl │
   > │ 
ipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)\r
    at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\r
    at 
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:10
 │
   > │ 34)\r    at java.base/java.lang.Thread.run(Thread.java:829)\r    
   > ```
   I think this message is printed by 
https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapAuthService.java#L80
 and can be ignored, maybe we can change the level to debug in case of 
`AuthenticationException`
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org