falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Samarth Gupta (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FALCON-326) Falcon not returning ProxyOozieClient for Simple Authentication
Date Fri, 28 Feb 2014 14:19:20 GMT
Samarth Gupta created FALCON-326:
------------------------------------

             Summary: Falcon not returning ProxyOozieClient for Simple Authentication 
                 Key: FALCON-326
                 URL: https://issues.apache.org/jira/browse/FALCON-326
             Project: Falcon
          Issue Type: Bug
          Components: common
         Environment: QA InMobi 
            Reporter: Samarth Gupta
            Assignee: Venkatesh Seetharam
            Priority: Blocker


After the security patch been merged as per JIRA https://issues.apache.org/jira/browse/FALCON-16

Changes are not backward compatible since same setup worked perfectly fine with old falcon
builds before security patch. 

all submit / schedule request are failing in distributed mode, when falcon is being started
with default "*.falcon.http.authentication.type=simple" 

The reason being falcon returns ProxyOozieClient for both simple and kerberos mode. 

error on submit entity :
{code}
2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-] APP[-] JOB[-]
ACTION[-] URL[GET http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth]
error, User [samarth] not defined as proxyuser
java.security.AccessControlException: User [samarth] not defined as proxyuser
       at org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148)
       at org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553)
       at org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126)
       at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
       at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
       at java.lang.Thread.run(Thread.java:701)
{code}

even if we bypass the above error by hardcoding the remote user, following error comes in
schedule:

{code}
014-02-28 12:24:23,323 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason (FalconWebException:39)
org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth] not defined as
proxyuser
       at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208)
       at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234)
       at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227)
       at org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107)
       at org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68)
       at org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57)
       at org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
       at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
       at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
       at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
       at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
       at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
       at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
       at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
       at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
       at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
       at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
       at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
       at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
       at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
       at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
       at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
       at org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156)
       at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
       at org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
       at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
       at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
       at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
       at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
       at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
       at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
       at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
       at org.mortbay.jetty.Server.handle(Server.java:326)
       at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
       at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
       at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
       at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
       at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
       at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
       at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
       at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559)
       at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193)
       ... 46 more
Caused by: E1400 : User [samarth] not defined as proxyuser
       at org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508)
       at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186)
       at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165)
       at org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479)
       at org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518)
       at org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48)
       at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555)
       at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553)
       at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
       at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553)
       ... 47 more
2014-02-28 12:24:23,325 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request
Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
(FalconWebException:58)
{code}




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message