[jira] [Commented] (HDFS-6588) Investigating removing getTrueCause method in Server.java

Mon, 14 Jul 2014 22:58:24 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14061715#comment-14061715
 ] 

Yongjun Zhang commented on HDFS-6588:
-------------------------------------

Hi [~daryn], [~jingzhao] and [~atm],

Thanks you all for reviewing HDFS_6475 earlier. Sorry for some delay to follow 
up with this jira because I took some time off.  I just attached a patch. Your 
review and input is highly appreciated.

Some quick summary of the patch:

1. Changed AbstractDelegationTokenSecretManager.verifyToken to call 
retriableRetrievePassword instead of retrievePassword, so it can throw 
StandbyException. Changed exception specification of related methods.

2. Revised the logic in ExceptionHandler and the test I added for HDFS-6475, so 
now we handle the case that SecurityException that directly wraps 
StandbyException (no InvalidToken in between)

3. Largely dropped the logic of getTrueCause. One thing I noticed is, there is 
a scenario that SaslException wraps InvalidToken as cause, which need to be 
handled by saslProcess method of Server class. So I didn't totally remove the 
getTrueCause method. Instead, I left the code to handle this scenario as the 
only logic there.  As a result, Server.java no longer explicitly depends on 
StandbyException and RetriableException.

Removing getTrueCause method as a whole caused the test failure reported in 
this jira, because of the above described scenario.  

The stack looks like
{code}
14/07/14 10:42:28 WARN ipc.Server: Auth failed for 127.0.0.1:58082:null 
(DIGEST-MD5: IO error acquiring password)
javax.security.sasl.SaslException: DIGEST-MD5: IO error acquiring password 
[Caused by org.apache.hadoop.security.token.SecretManager$InvalidToken: Token 
is invalid]
        at 
com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:594)
        at 
com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:244)
        at 
org.apache.hadoop.ipc.Server$Connection.processSaslToken(Server.java:1413)
        at 
org.apache.hadoop.ipc.Server$Connection.processSaslMessage(Server.java:1390)
        at org.apache.hadoop.ipc.Server$Connection.saslProcess(Server.java:1289)
        at 
org.apache.hadoop.ipc.Server$Connection.saslReadAndProcess(Server.java:1244)
        at 
org.apache.hadoop.ipc.Server$Connection.processRpcOutOfBandRequest(Server.java:1953)
        at 
org.apache.hadoop.ipc.Server$Connection.processOneRpc(Server.java:1826)
        at 
org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1569)
        at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:753)
        at 
org.apache.hadoop.ipc.Server$Listener$Reader.doRunLoop(Server.java:627)
        at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:598)
Caused by: org.apache.hadoop.security.token.SecretManager$InvalidToken: Token 
is invalid
        at 
org.apache.hadoop.ipc.TestSaslRPC$BadTokenSecretManager.retrievePassword(TestSaslRPC.java:268)
        at 
org.apache.hadoop.ipc.TestSaslRPC$TestTokenSecretManager.retrievePassword(TestSaslRPC.java:1)
        at 
org.apache.hadoop.security.token.SecretManager.retriableRetrievePassword(SecretManager.java:91)
        at 
org.apache.hadoop.security.SaslRpcServer$SaslDigestCallbackHandler.getPassword(SaslRpcServer.java:275)
        at 
org.apache.hadoop.security.SaslRpcServer$SaslDigestCallbackHandler.handle(SaslRpcServer.java:302)
        at 
com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:585)
        ... 11 more
{code}

Thanks.


> Investigating removing getTrueCause method in Server.java
> ---------------------------------------------------------
>
>                 Key: HDFS-6588
>                 URL: https://issues.apache.org/jira/browse/HDFS-6588
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security, webhdfs
>    Affects Versions: 2.5.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>         Attachments: HDFS-6588.001.patch
>
>
> When addressing Daryn Sharp's comment for HDFS-6475 quoted below:
> {quote}
> What I'm saying is I think the patch adds too much unnecessary code. Filing 
> an improvement to delete all but a few lines of the code changed in this 
> patch seems a bit odd. I think you just need to:
> - Delete getTrueCause entirely instead of moving it elsewhere
> - In saslProcess, just throw the exception instead of running it through 
> getTrueCause since it's not a "InvalidToken wrapping another exception" 
> anymore.
> - Keep your 3-line change to unwrap SecurityException in toResponse
> {quote}
> There are multiple test failures, after making the suggested changes, Filing 
> this jira to dedicate to the investigation of removing getTrueCause method.
> More detail will be put in the first comment.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to