duongnguyen0 commented on code in PR #3531:
URL: https://github.com/apache/ozone/pull/3531#discussion_r924013257


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/signature/AWSSignatureProcessor.java:
##########
@@ -67,7 +78,13 @@ public SignatureInfo parseSignature() throws OS3Exception {
 
     SignatureInfo signatureInfo = null;
     for (SignatureParser parser : signatureParsers) {
-      signatureInfo = parser.parseSignature();
+      try {
+        signatureInfo = parser.parseSignature();
+      } catch (MalformedResourceException e) {
+        AuditMessage message = buildAuthFailureMessage(e);
+        AUDIT.logAuthFailure(message);
+        throw S3ErrorTable.newError(MALFORMED_HEADER, e.getResource());
+      }
       if (signatureInfo != null) {
         break;
       }

Review Comment:
   Thanks for looking at the logs. Actually, the audit log was there but the 
action is not properly named. I've just submit an update to fixed this. 
   
   The warning logs is another problem. It's from the fact that S3G parses and 
links S3 signature to Endpoints using dependency injection. i.e.
   
   ```
   @RequestScoped
   public class OzoneClientProducer {
     @Produces
     public S3Auth getSignature() {} 
   }
   ```
   
   ```
   public abstract class EndpointBase implements Auditor {
   
     @Inject
     private OzoneClient client;
   ```
   
   The resolution of `S3Auth` is done by HK2 (Jersey lightweight IoC 
framework). When HK2 tries to create an `S3Auth` instance and gets exceptions 
for invalid/malformed signatures, it always logs the exceptions as warnings 
before passing to Jersey to resolve the exceptions to 4xx responses. I found no 
way to override this behavior. 
   
   To avoid the warning logs for those user event exceptions, we can either 
refactor to avoid using DI for creating and injecting `S3Auth`, or just disable 
the those warning logs using log config (note that Jersey just doesn't use 
log4j but Java Util Logging, so this may be some complication). Think I should 
log this in another JIRA.
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to