[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16804233#comment-16804233 ] Tomas Sokorai commented on HBASE-22123: --- Thanks a lot!, and yes, I have a mail configured in the Jira profile but couldn't find a setting to make it viewable for other members. > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Assignee: Tomas Sokorai >Priority: Minor > Fix For: 3.0.0, 2.2.0, 2.3.0, 2.0.6, 2.1.5 > > Attachments: HBASE-22123.patch, HBASE-22123_002.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16804198#comment-16804198 ] Tomas Sokorai commented on HBASE-22123: --- Thanks for the input, Stack. Added the style changes. And re:the actual message, the upper code handles the ADE nicely and gets you something like this: {code:java} HTTP/1.1 403 Forbidden{code} on the HTTP side, and in the message {code:java} Forbidden org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user ‘myuser',action: get, tableName:mytable, family:cf. at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.authorizeAccess(RangerAuthorizationCoprocessor.java:547){code} and the rest of the ADE stack > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch, HBASE-22123_002.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomas Sokorai updated HBASE-22123: -- Attachment: HBASE-22123_002.patch > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch, HBASE-22123_002.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803854#comment-16803854 ] Tomas Sokorai commented on HBASE-22123: --- Attached proposed patch for this issue. > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomas Sokorai updated HBASE-22123: -- Attachment: HBASE-22123.patch > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803852#comment-16803852 ] Tomas Sokorai commented on HBASE-22123: --- This is caused by the class org.apache.hadoop.hbase.rest.RowResultGenerator constructor catching the DoNotRetryIOException for a particular use case, but not rethrowing it for the exception for the AccessDeniedException case. Current code: {code:java} } catch (DoNotRetryIOException e) { // Warn here because Stargate will return 404 in the case if multiple // column families were specified but one did not exist -- currently // HBase will fail the whole Get. // Specifying multiple columns in a URI should be uncommon usage but // help to avoid confusion by leaving a record of what happened here in // the log. LOG.warn(StringUtils.stringifyException(e)); } finally {{code} Proposed change is: {code:java} } catch (DoNotRetryIOException e) { // Warn here because Stargate will return 404 in the case if multiple // column families were specified but one did not exist -- currently // HBase will fail the whole Get. // Specifying multiple columns in a URI should be uncommon usage but // help to avoid confusion by leaving a record of what happened here in // the log. LOG.warn(StringUtils.stringifyException(e)); // Lets get the exception rethrown to get a more meaningful error message than 404 if(e instanceof AccessDeniedException) throw e; } finally {{code} > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
Tomas Sokorai created HBASE-22123: - Summary: REST gateway reports Insufficient permissions exceptions as 404 Not Found Key: HBASE-22123 URL: https://issues.apache.org/jira/browse/HBASE-22123 Project: HBase Issue Type: Bug Components: REST Affects Versions: 2.0.5 Reporter: Tomas Sokorai When a row access is denied due to insufficient permissions, the error thrown to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)