[jira] [Created] (HDDS-7139) INVALID_TOKEN is handled as internal error in S3G

Thu, 18 Aug 2022 11:20:35 -0700 

Attila Doroszlai created HDDS-7139:
--------------------------------------

             Summary: INVALID_TOKEN is handled as internal error in S3G
                 Key: HDDS-7139
                 URL: https://issues.apache.org/jira/browse/HDDS-7139
             Project: Apache Ozone
          Issue Type: Bug
          Components: S3
            Reporter: Attila Doroszlai
            Assignee: Attila Doroszlai


Providing wrong signature (authentication) for S3 request should result in 
access denied (403), but currently it results in server error (500) instead:

{code}
$ kinit -kt /etc/security/keytabs/scm.keytab scm/[email protected]
$ ozone sh bucket create /s3v/bucket
$ ozone sh key put /s3v/bucket/passwd /etc/passwd
$ curl -i -X GET 'http://s3g:9878/bucket/passwd' -H 'Authorization: AWS 
scm/[email protected]:asdfqwerty'
HTTP/1.1 500 Server Error
...
{code}

Server-side log:

{noformat}
s3g_1       | 2022-08-18 17:58:41,466 [qtp1178587240-20] WARN 
server.HttpChannelState: unhandled due to prior sendError
s3g_1       | javax.servlet.ServletException: javax.servlet.ServletException: 
org.glassfish.jersey.server.ContainerException: INVALID_TOKEN 
org.apache.hadoop.ozone.om.exceptions.OMException: User scm/[email protected] 
request authorization failure: signatures do NOT match
...
s3g_1       | Caused by: INVALID_TOKEN 
org.apache.hadoop.ozone.om.exceptions.OMException: User scm/[email protected] 
request authorization failure: signatures do NOT match
s3g_1       |   at 
org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.handleError(OzoneManagerProtocolClientSideTranslatorPB.java:696)
s3g_1       |   at 
org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.getS3VolumeContext(OzoneManagerProtocolClientSideTranslatorPB.java:1205)
s3g_1       |   at 
org.apache.hadoop.ozone.client.rpc.RpcClient.getS3VolumeContext(RpcClient.java:510)
s3g_1       |   at 
org.apache.hadoop.ozone.client.ObjectStore.getS3Volume(ObjectStore.java:167)
s3g_1       |   at 
org.apache.hadoop.ozone.s3.endpoint.EndpointBase.getVolume(EndpointBase.java:133)
s3g_1       |   at 
org.apache.hadoop.ozone.s3.endpoint.ObjectEndpoint.get(ObjectEndpoint.java:289)
{noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to