[ https://issues.apache.org/jira/browse/HBASE-27526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Beibei Zhao updated HBASE-27526:
--------------------------------
    Summary: NettyHBaseSaslRpcServerHandler.channelRead0 forget an auditlog missing problem.  (was: NettyHBaseSaslRpcServerHandler..)

> NettyHBaseSaslRpcServerHandler.channelRead0 forget an auditlog missing problem.
> -------------------------------------------------------------------------------
>
>                 Key: HBASE-27526
>                 URL: https://issues.apache.org/jira/browse/HBASE-27526
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Beibei Zhao
>            Priority: Major
>
> In other methods such as SimpleServerRpcConnection.saslReadAndProcess, they always record "AUTH_FAILED_FOR" for an exception, and "AUTH_SUCCESSFUL_FOR" after the task is completed, like this:
> {code:java}
>   private void saslReadAndProcess(ByteBuff saslToken) throws IOException, InterruptedException {
>     ......
>       } catch (IOException e) {
>         ......
>         // attempting user could be null
>         RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR, clientIP,
>           saslServer.getAttemptingUser());
>         throw e;
>       }
>       ......
>       if (saslServer.isComplete()) {
>         ......
>         RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
>         ......
>       }
>     }
>   }
> {code}
> but NettyHBaseSaslRpcServerHandler.channelRead0 only records "AUTH_SUCCESSFUL_FOR" in finishSaslNegotiation, and just throws an Exception without recording "AUTH_FAILED_FOR":
> {code:java}
>   protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
>     ......
>     if (saslServer.isComplete()) {
>       conn.finishSaslNegotiation();
>       ......
>     }
>   }
>
>   void finishSaslNegotiation() throws IOException {
>     ......
>     RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
>   }
> {code}
> So I think an exceptionCaught should be called here:
> {code:java}
>   public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
>     LOG.error("Error when doing SASL handshade, provider={}", conn.provider, cause);
>     Throwable sendToClient = HBaseSaslRpcServer.unwrap(cause);
>     doResponse(ctx, SaslStatus.ERROR, null, sendToClient.getClass().getName(),
>       sendToClient.getLocalizedMessage());
>     rpcServer.metrics.authenticationFailure();
>     String clientIP = this.toString();
>     // attempting user could be null
>     RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR, clientIP,
>       conn.saslServer != null ? conn.saslServer.getAttemptingUser() : "Unknown");
>     NettyFutureUtils.safeClose(ctx);
>   }
> {code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
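
The audit gap described in the issue can be checked mechanically by counting authentication attempts that leave no audit record. The following is an added example, not HBase code and not part of the issue: the class, the toy negotiation, the in-memory audit sink, the record prefixes and the sample attempts are all hypothetical stand-ins for the handler and `RpcServer.AUDITLOG`.

```java
import java.util.ArrayList;
import java.util.List;
import javax.security.sasl.SaslException;

// Added illustration: every name here is hypothetical, none is an HBase class.
public class AuditCoverageDemo {
  // Constructed prefixes standing in for the RpcServer audit constants.
  static final String FAILED = "AUTH_FAILED_FOR ";
  static final String OK = "AUTH_SUCCESSFUL_FOR ";
  static final List<String> AUDIT = new ArrayList<>(); // in-memory audit sink

  interface Handler { void handle(String clientIp, String token) throws SaslException; }

  // Toy one-step negotiation: only the token "good" authenticates, as user "alice".
  static String negotiate(String token) throws SaslException {
    if (!"good".equals(token)) throw new SaslException("bad credentials");
    return "alice";
  }

  // Shape described in the report: success is audited, a failure escapes unaudited.
  static void successOnly(String clientIp, String token) throws SaslException {
    AUDIT.add(OK + negotiate(token));
  }

  // Failure path audited before the exception propagates.
  static void bothPaths(String clientIp, String token) throws SaslException {
    try {
      AUDIT.add(OK + negotiate(token));
    } catch (SaslException e) {
      AUDIT.add(FAILED + clientIp + ": Unknown"); // attempting user not known here
      throw e;
    }
  }

  // Counts attempts that left no audit record at all.
  static int unauditedAttempts(Handler h, String[] tokens) {
    int missing = 0;
    for (String token : tokens) {
      int before = AUDIT.size();
      try { h.handle("192.0.2.10", token); } catch (SaslException ignored) { }
      if (AUDIT.size() == before) missing++;
    }
    return missing;
  }

  public static void main(String[] args) {
    String[] tokens = {"good", "bad", "bad"}; // constructed attempts
    System.out.println("success-only handler: " + unauditedAttempts(AuditCoverageDemo::successOnly, tokens));
    System.out.println("both-paths handler:   " + unauditedAttempts(AuditCoverageDemo::bothPaths, tokens));
  }
}
```

A non-zero count for a handler means failed logins against it are invisible to anyone monitoring the audit log for brute-force or credential-stuffing activity.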