[jira] [Commented] (PHOENIX-5374) Incorrect exception thrown in some cases when client does not have Exec permissions on SYSTEM:CATALOG

Wed, 26 Jun 2019 02:03:18 -0700 


    [ 
https://issues.apache.org/jira/browse/PHOENIX-5374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16873118#comment-16873118
 ] 

Hadoop QA commented on PHOENIX-5374:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12972923/PHOENIX-5374-master-v1.patch
  against master branch at commit ebea0833e5822b95f18612860d6d54d806cd4507.
  ATTACHMENT ID: 12972923

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
                        Please justify why no new tests are needed for this 
patch.
                        Also please list what manual steps were performed to 
verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/2705//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/2705//console

This message is automatically generated.

> Incorrect exception thrown in some cases when client does not have Exec 
> permissions on SYSTEM:CATALOG
> -----------------------------------------------------------------------------------------------------
>
>                 Key: PHOENIX-5374
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-5374
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Chinmay Kulkarni
>            Assignee: Chinmay Kulkarni
>            Priority: Major
>             Fix For: 5.1.0, 4.15.1
>
>         Attachments: PHOENIX-5374-master-v1.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Scenario:
> * Server and client-side namespace-mapping is enabled.
> * "hbase.security.exec.permission.checks" is true on the server. Thus, EXEC 
> permission checking will be performed during coprocessor endpoint 
> invocations. 
> * Client does not have EXEC permissions on SYSTEM:CATALOG
> * Client calls DriverManager.getConnection(..) and this fails with the 
> following exception:
> {noformat}
> java.sql.SQLException: ERROR 2006 (INT08): Incompatible jars detected between 
> client and server. Ensure that phoenix-[version]-server.jar is put on the 
> classpath of HBase in every region server: 
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
> permissions (user=unprivilegedUser_N000007, scope=SYSTEM:CATALOG, 
> params=[table=SYSTEM:CATALOG],action=EXEC)
>       at 
> org.apache.hadoop.hbase.security.access.AccessChecker.requirePermission(AccessChecker.java:281)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:446)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.preEndpointInvocation(AccessController.java:2015)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1707)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1704)
>       at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithResult.callObserver(CoprocessorHost.java:578)
>       at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:614)
>       at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperationWithResult(CoprocessorHost.java:592)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preEndpointInvocation(RegionCoprocessorHost.java:1703)
>       at 
> org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8011)
>       at 
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2409)
>       at 
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2391)
>       at 
> org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
>       at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:409)
>       at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
>       at 
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
>       at 
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> {noformat}
> The above is encountered as a result of a call to _getVersion_ from 
> _ConnectionQueryServicesImpl#checkClientServerCompatibility_, but can occur 
> from any place that we check client-server compatibility. 
> The exception bubbles up as an *INCOMPATIBLE_CLIENT_SERVER_JAR* exception, 
> which is wrong and also leads to misleading logs for clients.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to