[
https://issues.apache.org/jira/browse/HDFS-6588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14041337#comment-14041337
]
Yongjun Zhang commented on HDFS-6588:
-------------------------------------
Thanks Jing.
I found that the getTrueCause() method interacts with the following code
{code}
@Override
public byte[] retrievePassword(
DelegationTokenIdentifier identifier) throws InvalidToken {
try {
// this check introduces inconsistency in the authentication to a
// HA standby NN. non-token auths are allowed into the namespace which
// decides whether to throw a StandbyException. tokens are a bit
// different in that a standby may be behind and thus not yet know
// of all tokens issued by the active NN. the following check does
// not allow ANY token auth, however it should allow known tokens in
namesystem.checkOperation(OperationCategory.READ);
} catch (StandbyException se) {
// FIXME: this is a hack to get around changing method signatures by
// tunneling a non-InvalidToken exception as the cause which the
// RPC server will unwrap before returning to the client
InvalidToken wrappedStandby = new InvalidToken("StandbyException");
wrappedStandby.initCause(se);
throw wrappedStandby;
}
{code}
in DelegationTokenSecretManager.java introduced by HADOOP-9880.
If we remove the getTrueCause() logic, at minimum, still need to retain the
logic (currently in getTrueCause) to return the InvalidToken exception that's
wrapped by SaslException.
> Investigating removing getTrueCause method in Server.java
> ---------------------------------------------------------
>
> Key: HDFS-6588
> URL: https://issues.apache.org/jira/browse/HDFS-6588
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security, webhdfs
> Affects Versions: 2.5.0
> Reporter: Yongjun Zhang
> Assignee: Yongjun Zhang
>
> When addressing Daryn Sharp's comment for HDFS-6475 quoted below:
> {quote}
> What I'm saying is I think the patch adds too much unnecessary code. Filing
> an improvement to delete all but a few lines of the code changed in this
> patch seems a bit odd. I think you just need to:
> - Delete getTrueCause entirely instead of moving it elsewhere
> - In saslProcess, just throw the exception instead of running it through
> getTrueCause since it's not a "InvalidToken wrapping another exception"
> anymore.
> - Keep your 3-line change to unwrap SecurityException in toResponse
> {quote}
> There are multiple test failures, after making the suggested changes, Filing
> this jira to dedicate to the investigation of removing getTrueCause method.
> More detail will be put in the first comment.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
