falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Sundarrajan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-326) Falcon not returning ProxyOozieClient for Simple Authentication
Date Sat, 01 Mar 2014 15:39:19 GMT

    [ https://issues.apache.org/jira/browse/FALCON-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13917098#comment-13917098
] 

Srikanth Sundarrajan commented on FALCON-326:
---------------------------------------------

On second thoughts, it is better to stay the way it is, as even in simple mode proxying user
is possible. As [~svenkat] has pointed out already, FALCON-11 has already been marked as incompatible
due to change in user blacklisting behavior We should include another item to that stating
the requirement to create the proxy config in both Oozie & hadoop with this version of
Falcon. It might be useful to create a top level INCOMPATIBLE-CHANGES.txt in the repo to keep
track of this. This would be useful to publish along with the next release.

> Falcon not returning ProxyOozieClient for Simple Authentication 
> ----------------------------------------------------------------
>
>                 Key: FALCON-326
>                 URL: https://issues.apache.org/jira/browse/FALCON-326
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: QA InMobi 
>            Reporter: Samarth Gupta
>            Assignee: Srikanth Sundarrajan
>            Priority: Blocker
>
> After the security patch been merged as per JIRA https://issues.apache.org/jira/browse/FALCON-16
> Changes are not backward compatible since same setup worked perfectly fine with old falcon
builds before security patch. 
> all submit / schedule request are failing in distributed mode, when falcon is being started
with default "*.falcon.http.authentication.type=simple" 
> The reason being falcon returns ProxyOozieClient for both simple and kerberos mode. 
> error on submit entity :
> {code}
> 2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-] APP[-] JOB[-]
ACTION[-] URL[GET http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth]
error, User [samarth] not defined as proxyuser
> java.security.AccessControlException: User [samarth] not defined as proxyuser
>        at org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148)
>        at org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553)
>        at org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126)
>        at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
>        at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>        at java.lang.Thread.run(Thread.java:701)
> {code}
> even if we bypass the above error by hardcoding the remote user, following error comes
in schedule:
> {code}
> 014-02-28 12:24:23,323 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason (FalconWebException:39)
> org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth] not defined
as proxyuser
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107)
>        at org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68)
>        at org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57)
>        at org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>        at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>        at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>        at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
>        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>        at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>        at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
>        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
>        at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
>        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
>        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
>        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
>        at org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156)
>        at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382)
>        at org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
>        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
>        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
>        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
>        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
>        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
>        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>        at org.mortbay.jetty.Server.handle(Server.java:326)
>        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
>        at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
>        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
>        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
>        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
>        at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
>        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
>        at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559)
>        at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193)
>        ... 46 more
> Caused by: E1400 : User [samarth] not defined as proxyuser
>        at org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508)
>        at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186)
>        at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165)
>        at org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479)
>        at org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518)
>        at org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48)
>        at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555)
>        at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553)
>        at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
>        at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553)
>        ... 47 more
> 2014-02-28 12:24:23,325 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817
b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request
> Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser
> (FalconWebException:58)
> {code}



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message