[ 
https://issues.apache.org/jira/browse/KYLIN-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vsevolod Ostapenko updated KYLIN-3223:
--------------------------------------
    Description: 
Calling the REST API to get the list of hybrid cubes returns a stack trace with
an NPE exception.
{quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} http://localhost:7070/kylin/api/hybrids{quote}

If the project parameter is specified without a value, the call succeeds. E.g.
{quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} http://localhost:7070/kylin/api/hybrids?project{quote}
A quick look at HybridService.java suggests that there is a bug in the code,
where the very first line tries to check ACLs on the project using the project
name, which is NULL when the project parameter is not specified as part of the
URL.
If the parameter is specified without a value, the ACL check is not performed,
so it's another bug, as the list of projects is retrieved without read
permission checking.

  was:
Calling the REST API to get the list of hybrid cubes returns a stack trace with
an NPE exception.
{quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} http://localhost:7070/kylin/api/hybrids

{"code":"999","data":null,"msg":null,"stacktrace":"java.lang.NullPointerException\n\tat
 
java.util.concurrent.ConcurrentSkipListMap.doGet(ConcurrentSkipListMap.java:778)\n\tat
 
java.util.concurrent.ConcurrentSkipListMap.get(ConcurrentSkipListMap.java:1546)\n\tat
 
org.apache.kylin.metadata.cachesync.SingleValueCache.get(SingleValueCache.java:85)\n\tat
 
org.apache.kylin.metadata.project.ProjectManager.getProject(ProjectManager.java:172)\n\tat
 
org.apache.kylin.rest.util.AclEvaluate.getProjectInstance(AclEvaluate.java:39)\n\tat
 
org.apache.kylin.rest.util.AclEvaluate.checkProjectReadPermission(AclEvaluate.java:61)\n\tat
 
org.apache.kylin.rest.service.HybridService.listHybrids(HybridService.java:115)\n\tat
 
org.apache.kylin.rest.controller.HybridController.list(HybridController.java:76)\n\tat
 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tat
 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat
 java.lang.reflect.Method.invoke(Method.java:497)\n\tat 
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)\n\tat
 
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)\n\tat
 
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)\n\tat
 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)\n\tat
 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)\n\tat
 
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)\n\tat
 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)\n\tat
 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)\n\tat
 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)\n\tat
 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)\n\tat
 javax.servlet.http.HttpServlet.service(HttpServlet.java:624)\n\tat 
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)\n\tat
 javax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)\n\tat
 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\n\tat
 org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\n\tat
 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)\n\tat
 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)\n\tat
 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:215)\n\tat
 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)\n\tat
 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)\n\tat
 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)\n\tat
 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)\n\tat
 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)\n\tat
 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)\n\tat
 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)\n\tat
 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)\n\tat
 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\n\tat
 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\n\tat
 com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)\n\tat 
com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\n\tat
 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\n\tat
 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)\n\tat
 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)\n\tat
 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)\n\tat
 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)\n\tat
 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\tat
 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)\n\tat 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)\n\tat
 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)\n\tat
 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)\n\tat
 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)\n\tat
 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tat
 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tat
 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\tat
 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat
 
java.lang.Thread.run(Thread.java:745)\n","exception":null,"url":"http://lcoalhost:7070/kylin/api/hybrids"}
{quote}
 

If the project parameter is specified without a value, the call succeeds. E.g.
{quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} http://localhost:7070/kylin/api/hybrids?project{quote}
A quick look at HybridService.java suggests that there is a bug in the code,
where the very first line tries to check ACLs on the project using the project
name, which is NULL when the project parameter is not specified as part of the
URL.
If the parameter is specified without a value, the ACL check is not performed,
so it's another bug, as the list of projects is retrieved without read
permission checking.


> Query for the list of hybrid cubes results in NPE
> -------------------------------------------------
>
>                 Key: KYLIN-3223
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3223
>             Project: Kylin
>          Issue Type: Bug
>          Components: REST Service
>    Affects Versions: v2.2.0
>         Environment: HDP 2.5.6, Kylin 2.2
>            Reporter: Vsevolod Ostapenko
>            Assignee: nichunen
>            Priority: Major
>
> Calling the REST API to get the list of hybrid cubes returns a stack trace
> with an NPE exception.
> {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} http://localhost:7070/kylin/api/hybrids{quote}
>
> If the project parameter is specified without a value, the call succeeds. E.g.
> {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} http://localhost:7070/kylin/api/hybrids?project{quote}
> A quick look at HybridService.java suggests that there is a bug in the
> code, where the very first line tries to check ACLs on the project using the
> project name, which is NULL when the project parameter is not specified as
> part of the URL.
> If the parameter is specified without a value, the ACL check is not
> performed, so it's another bug, as the list of projects is retrieved without
> read permission checking.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
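
The two failure modes reported above (a missing project parameter reaching the ACL lookup as null, and an empty value skipping the check), shown beside a hardened form as an added Java sketch that is not Kylin's code. Class, method and data names are hypothetical, the sample projects and users are constructed, and treating an unknown project as "nothing to check" in `listReported` is an assumption made to reproduce the described behaviour.

```java
import java.util.*;
import java.util.concurrent.ConcurrentSkipListMap;

// Added illustration with hypothetical names; not Kylin's HybridService or AclEvaluate.
public class HybridListAclDemo {
    // Constructed sample data: project -> users with read permission, hybrid -> project.
    static final ConcurrentSkipListMap<String, Set<String>> READERS = new ConcurrentSkipListMap<>();
    static final Map<String, String> HYBRIDS = new TreeMap<>();
    static {
        READERS.put("sales", Set.of("alice"));
        READERS.put("finance", Set.of("bob"));
        HYBRIDS.put("sales_hybrid", "sales");
        HYBRIDS.put("finance_hybrid", "finance");
    }

    // Models the reported behaviour. A null name throws NullPointerException inside the
    // map lookup; an empty name matches no project, so (assumption) no check is applied.
    static List<String> listReported(String user, String project) {
        Set<String> readers = READERS.get(project);
        if (readers != null && !readers.contains(user))
            throw new SecurityException("no read permission on " + project);
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : HYBRIDS.entrySet())
            if (project.isEmpty() || project.equals(e.getValue())) out.add(e.getKey());
        return out;
    }

    // Unknown or unreadable projects are denied; the lookup never receives null.
    static boolean canRead(String user, String project) {
        Set<String> readers = project == null ? null : READERS.get(project);
        return readers != null && readers.contains(user);
    }

    // Hardened: absent and empty both mean "no filter", and an unfiltered listing is
    // restricted entry by entry to projects the caller can read.
    static List<String> listHardened(String user, String project) {
        boolean all = project == null || project.trim().isEmpty();
        if (!all && !canRead(user, project))
            throw new SecurityException("no read permission on requested project");
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : HYBRIDS.entrySet())
            if (all ? canRead(user, e.getValue()) : project.equals(e.getValue())) out.add(e.getKey());
        return out;
    }

    public static void main(String[] args) {
        System.out.println("reported, empty:  " + listReported("alice", ""));
        System.out.println("hardened, empty:  " + listHardened("alice", ""));
        System.out.println("hardened, absent: " + listHardened("alice", null));
    }
}
```

Calling `listReported("alice", null)` throws `NullPointerException` from `ConcurrentSkipListMap.get`, the same lookup that appears at the top of the stack trace in the report.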
