Return-Path: X-Original-To: apmail-falcon-dev-archive@minotaur.apache.org Delivered-To: apmail-falcon-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D938F17BEB for ; Tue, 10 Mar 2015 13:58:04 +0000 (UTC) Received: (qmail 37105 invoked by uid 500); 10 Mar 2015 13:58:04 -0000 Delivered-To: apmail-falcon-dev-archive@falcon.apache.org Received: (qmail 37063 invoked by uid 500); 10 Mar 2015 13:58:04 -0000 Mailing-List: contact dev-help@falcon.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@falcon.apache.org Delivered-To: mailing list dev@falcon.apache.org Received: (qmail 37052 invoked by uid 99); 10 Mar 2015 13:58:04 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Mar 2015 13:58:04 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD,WEIRD_PORT X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 10 Mar 2015 13:57:41 +0000 Received: (qmail 35509 invoked by uid 99); 10 Mar 2015 13:57:38 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Mar 2015 13:57:38 +0000 Date: Tue, 10 Mar 2015 13:57:38 +0000 (UTC) From: "Shaik Idris Ali (JIRA)" To: dev@falcon.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Closed] (FALCON-326) Falcon not returning ProxyOozieClient for Simple Authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/FALCON-326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shaik Idris Ali closed FALCON-326. ---------------------------------- > Falcon not returning ProxyOozieClient for Simple Authentication > ---------------------------------------------------------------- > > Key: FALCON-326 > URL: https://issues.apache.org/jira/browse/FALCON-326 > Project: Falcon > Issue Type: Bug > Components: common > Environment: QA InMobi > Reporter: Samarth Gupta > Assignee: Srikanth Sundarrajan > Attachments: oozie-site.xml > > > After the security patch been merged as per JIRA https://issues.apache.org/jira/browse/FALCON-16 > Changes are not backward compatible since same setup worked perfectly fine with old falcon builds before security patch. > all submit / schedule request are failing in distributed mode, when falcon is being started with default "*.falcon.http.authentication.type=simple" > The reason being falcon returns ProxyOozieClient for both simple and kerberos mode. > error on submit entity : > {code} > 2014-02-28 12:00:31,787 ERROR V1AdminServlet:536 - USER[-] GROUP[-] TOKEN[-] APP[-] JOB[-] ACTION[-] URL[GET http://gs1001.grid.corp.inmobi.com:11000/oozie/v1/admin/status?doAs=samarth.gupta&user.name=samarth] error, User [samarth] not defined as proxyuser > java.security.AccessControlException: User [samarth] not defined as proxyuser > at org.apache.oozie.service.ProxyUserService.validate(ProxyUserService.java:148) > at org.apache.oozie.servlet.JsonRestServlet.getUser(JsonRestServlet.java:553) > at org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:278) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126) > at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382) > at org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:84) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) > at java.lang.Thread.run(Thread.java:701) > {code} > even if we bypass the above error by hardcoding the remote user, following error comes in schedule: > {code} > 014-02-28 12:24:23,323 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817 b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Failure reason (FalconWebException:39) > org.apache.falcon.FalconException: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser > at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:208) > at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:234) > at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findLatestBundle(OozieWorkflowEngine.java:227) > at org.apache.falcon.workflow.engine.OozieWorkflowEngine.schedule(OozieWorkflowEngine.java:107) > at org.apache.falcon.resource.AbstractSchedulableEntityManager.scheduleInternal(AbstractSchedulableEntityManager.java:68) > at org.apache.falcon.resource.AbstractSchedulableEntityManager.schedule(AbstractSchedulableEntityManager.java:57) > at org.apache.falcon.resource.SchedulableEntityManager.schedule(SchedulableEntityManager.java:85) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) > at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) > at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) > at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288) > at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) > at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) > at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) > at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) > at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469) > at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400) > at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349) > at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339) > at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416) > at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537) > at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) > at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221) > at org.apache.falcon.security.BasicAuthFilter$2.doFilter(BasicAuthFilter.java:156) > at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:382) > at org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194) > at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212) > at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399) > at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) > at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) > at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766) > at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450) > at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) > at org.mortbay.jetty.Server.handle(Server.java:326) > at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) > at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928) > at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) > at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) > at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) > at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) > at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) > Caused by: AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser > at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:559) > at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:193) > ... 46 more > Caused by: E1400 : User [samarth] not defined as proxyuser > at org.apache.oozie.client.OozieClient.handleError(OozieClient.java:508) > at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1186) > at org.apache.oozie.client.OozieClient$BundleJobsStatus.call(OozieClient.java:1165) > at org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:479) > at org.apache.oozie.client.OozieClient.getBundleJobsInfo(OozieClient.java:1518) > at org.apache.oozie.client.ProxyOozieClient.access$2901(ProxyOozieClient.java:48) > at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:555) > at org.apache.oozie.client.ProxyOozieClient$29.call(ProxyOozieClient.java:553) > at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191) > at org.apache.oozie.client.ProxyOozieClient.getBundleJobsInfo(ProxyOozieClient.java:553) > ... 47 more > 2014-02-28 12:24:23,325 ERROR - [1564374351@qtp-1257988948-0:samarth.gupta:POST//entities/schedule/feed/inPath-f819d39a-500e-44be-b63d-b933d8687817 b5f481c5-e0f4-4e06-9b6d-224264f20e62] ~ Action failed: Bad Request > Error:AUTHENTICATION : E1400 : User [samarth] not defined as proxyuser > (FalconWebException:58) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)