joshelser commented on a change in pull request #884: HBASE-23347 Allowable
custom authentication methods for RPCs
URL: https://github.com/apache/hbase/pull/884#discussion_r359013347
##########
File path:
hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
##########
@@ -391,40 +392,49 @@ private void handleSaslConnectionFailure(final int
currRetries, final int maxRet
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws IOException, InterruptedException {
- if (shouldAuthenticateOverKrb()) {
- if (currRetries < maxRetries) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Exception encountered while connecting to " +
- "the server : " + StringUtils.stringifyException(ex));
- }
- // try re-login
- relogin();
- disposeSasl();
- // have granularity of milliseconds
- // we are sleeping with the Connection lock held but since this
- // connection instance is being used for connecting to the server
- // in question, it is okay
-
Thread.sleep(ThreadLocalRandom.current().nextInt(reloginMaxBackoff) + 1);
- return null;
- } else {
- String msg = "Couldn't setup connection for "
- + UserGroupInformation.getLoginUser().getUserName() + " to " +
serverPrincipal;
- LOG.warn(msg, ex);
- throw new IOException(msg, ex);
+ // A provider which failed authentication, but doesn't have the
ability to relogin with
+ // some external system (e.g. username/password, the password either
works or it doesn't)
+ if (!provider.canRetry()) {
+ LOG.warn("Exception encountered while connecting to the server : " +
ex);
+ if (ex instanceof RemoteException) {
+ throw (RemoteException) ex;
}
- } else {
- LOG.warn("Exception encountered while connecting to " + "the server
: " + ex);
- }
- if (ex instanceof RemoteException) {
- throw (RemoteException) ex;
+ if (ex instanceof SaslException) {
+ String msg = "SASL authentication failed."
+ + " The most likely cause is missing or invalid credentials.
Consider 'kinit'.";
+ LOG.error(HBaseMarkers.FATAL, msg, ex);
+ throw new RuntimeException(msg, ex);
+ }
+ throw new IOException(ex);
}
- if (ex instanceof SaslException) {
- String msg = "SASL authentication failed."
- + " The most likely cause is missing or invalid credentials." +
" Consider 'kinit'.";
- LOG.error(HBaseMarkers.FATAL, msg, ex);
- throw new RuntimeException(msg, ex);
+
+ // Other providers, like kerberos, could request a new ticket from a
keytab. Let
+ // them try again.
+ if (currRetries < maxRetries) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Exception encountered while connecting to " +
+ "the server : " + StringUtils.stringifyException(ex));
+ }
+
+ // Invoke the provider to perform the relogin
+ provider.relogin();
+
+ // Get rid of any old state on the SaslClient
+ disposeSasl();
+
+ // have granularity of milliseconds
+ // we are sleeping with the Connection lock held but since this
+ // connection instance is being used for connecting to the server
+ // in question, it is okay
+ Thread.sleep(ThreadLocalRandom.current().nextInt(reloginMaxBackoff)
+ 1);
Review comment:
No, the compiler can auto-box this just fine.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
