joshelser commented on a change in pull request #884: HBASE-23347 Allowable custom authentication methods for RPCs URL: https://github.com/apache/hbase/pull/884#discussion_r359013347
########## File path: hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java ########## @@ -391,40 +392,49 @@ private void handleSaslConnectionFailure(final int currRetries, final int maxRet user.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws IOException, InterruptedException { - if (shouldAuthenticateOverKrb()) { - if (currRetries < maxRetries) { - if (LOG.isDebugEnabled()) { - LOG.debug("Exception encountered while connecting to " + - "the server : " + StringUtils.stringifyException(ex)); - } - // try re-login - relogin(); - disposeSasl(); - // have granularity of milliseconds - // we are sleeping with the Connection lock held but since this - // connection instance is being used for connecting to the server - // in question, it is okay - Thread.sleep(ThreadLocalRandom.current().nextInt(reloginMaxBackoff) + 1); - return null; - } else { - String msg = "Couldn't setup connection for " - + UserGroupInformation.getLoginUser().getUserName() + " to " + serverPrincipal; - LOG.warn(msg, ex); - throw new IOException(msg, ex); + // A provider which failed authentication, but doesn't have the ability to relogin with + // some external system (e.g. username/password, the password either works or it doesn't) + if (!provider.canRetry()) { + LOG.warn("Exception encountered while connecting to the server : " + ex); + if (ex instanceof RemoteException) { + throw (RemoteException) ex; } - } else { - LOG.warn("Exception encountered while connecting to " + "the server : " + ex); - } - if (ex instanceof RemoteException) { - throw (RemoteException) ex; + if (ex instanceof SaslException) { + String msg = "SASL authentication failed." + + " The most likely cause is missing or invalid credentials. Consider 'kinit'."; + LOG.error(HBaseMarkers.FATAL, msg, ex); + throw new RuntimeException(msg, ex); + } + throw new IOException(ex); } - if (ex instanceof SaslException) { - String msg = "SASL authentication failed." - + " The most likely cause is missing or invalid credentials." + " Consider 'kinit'."; - LOG.error(HBaseMarkers.FATAL, msg, ex); - throw new RuntimeException(msg, ex); + + // Other providers, like kerberos, could request a new ticket from a keytab. Let + // them try again. + if (currRetries < maxRetries) { + if (LOG.isDebugEnabled()) { + LOG.debug("Exception encountered while connecting to " + + "the server : " + StringUtils.stringifyException(ex)); + } + + // Invoke the provider to perform the relogin + provider.relogin(); + + // Get rid of any old state on the SaslClient + disposeSasl(); + + // have granularity of milliseconds + // we are sleeping with the Connection lock held but since this + // connection instance is being used for connecting to the server + // in question, it is okay + Thread.sleep(ThreadLocalRandom.current().nextInt(reloginMaxBackoff) + 1); Review comment: No, the compiler can auto-box this just fine. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services