[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16804233#comment-16804233 ] Tomas Sokorai commented on HBASE-22123: --- Thanks a lot!, and yes, I have a mail configured in the Jira profile but couldn't find a setting to make it viewable for other members. > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Assignee: Tomas Sokorai >Priority: Minor > Fix For: 3.0.0, 2.2.0, 2.3.0, 2.0.6, 2.1.5 > > Attachments: HBASE-22123.patch, HBASE-22123_002.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[
https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16804198#comment-16804198
]
Tomas Sokorai commented on HBASE-22123:
---
Thanks for the input, Stack.
Added the style changes.
And re:the actual message, the upper code handles the ADE nicely and gets you
something like this:
{code:java}
HTTP/1.1 403 Forbidden{code}
on the HTTP side, and in the message
{code:java}
Forbidden
org.apache.hadoop.hbase.security.AccessDeniedException:
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
permissions for user ‘myuser',action: get, tableName:mytable, family:cf.
at
org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.authorizeAccess(RangerAuthorizationCoprocessor.java:547){code}
and the rest of the ADE stack
> REST gateway reports Insufficient permissions exceptions as 404 Not Found
> -
>
> Key: HBASE-22123
> URL: https://issues.apache.org/jira/browse/HBASE-22123
> Project: HBase
> Issue Type: Bug
> Components: REST
>Affects Versions: 2.0.5
>Reporter: Tomas Sokorai
>Priority: Minor
> Attachments: HBASE-22123.patch, HBASE-22123_002.patch
>
>
> When a row access is denied due to insufficient permissions, the error thrown
> to the client is 404 Not Found, instead of the proper 403 Forbidden exception.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomas Sokorai updated HBASE-22123: -- Attachment: HBASE-22123_002.patch > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch, HBASE-22123_002.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803854#comment-16803854 ] Tomas Sokorai commented on HBASE-22123: --- Attached proposed patch for this issue. > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[ https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomas Sokorai updated HBASE-22123: -- Attachment: HBASE-22123.patch > REST gateway reports Insufficient permissions exceptions as 404 Not Found > - > > Key: HBASE-22123 > URL: https://issues.apache.org/jira/browse/HBASE-22123 > Project: HBase > Issue Type: Bug > Components: REST >Affects Versions: 2.0.5 >Reporter: Tomas Sokorai >Priority: Minor > Attachments: HBASE-22123.patch > > > When a row access is denied due to insufficient permissions, the error thrown > to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
[
https://issues.apache.org/jira/browse/HBASE-22123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803852#comment-16803852
]
Tomas Sokorai commented on HBASE-22123:
---
This is caused by the class org.apache.hadoop.hbase.rest.RowResultGenerator
constructor catching the DoNotRetryIOException for a particular use case, but
not rethrowing it for the exception for the AccessDeniedException case.
Current code:
{code:java}
} catch (DoNotRetryIOException e) {
// Warn here because Stargate will return 404 in the case if multiple
// column families were specified but one did not exist -- currently
// HBase will fail the whole Get.
// Specifying multiple columns in a URI should be uncommon usage but
// help to avoid confusion by leaving a record of what happened here in
// the log.
LOG.warn(StringUtils.stringifyException(e));
} finally {{code}
Proposed change is:
{code:java}
} catch (DoNotRetryIOException e) {
// Warn here because Stargate will return 404 in the case if multiple
// column families were specified but one did not exist -- currently
// HBase will fail the whole Get.
// Specifying multiple columns in a URI should be uncommon usage but
// help to avoid confusion by leaving a record of what happened here in
// the log.
LOG.warn(StringUtils.stringifyException(e));
// Lets get the exception rethrown to get a more meaningful error message
than 404
if(e instanceof AccessDeniedException)
throw e;
} finally {{code}
> REST gateway reports Insufficient permissions exceptions as 404 Not Found
> -
>
> Key: HBASE-22123
> URL: https://issues.apache.org/jira/browse/HBASE-22123
> Project: HBase
> Issue Type: Bug
> Components: REST
>Affects Versions: 2.0.5
>Reporter: Tomas Sokorai
>Priority: Minor
>
> When a row access is denied due to insufficient permissions, the error thrown
> to the client is 404 Not Found, instead of the proper 403 Forbidden exception.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (HBASE-22123) REST gateway reports Insufficient permissions exceptions as 404 Not Found
Tomas Sokorai created HBASE-22123: - Summary: REST gateway reports Insufficient permissions exceptions as 404 Not Found Key: HBASE-22123 URL: https://issues.apache.org/jira/browse/HBASE-22123 Project: HBase Issue Type: Bug Components: REST Affects Versions: 2.0.5 Reporter: Tomas Sokorai When a row access is denied due to insufficient permissions, the error thrown to the client is 404 Not Found, instead of the proper 403 Forbidden exception. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
