hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ha...@apache.org
Subject hadoop git commit: HADOOP-11404. Clarify the "expected client Kerberos principal is null" authorization message. Contributed by Stephen Chu
Date Thu, 10 Mar 2016 11:40:10 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 95d30a6ec -> 2e32aa547


HADOOP-11404. Clarify the "expected client Kerberos principal is null" authorization message.
Contributed by Stephen Chu

(cherry picked from commit 318c9b68b059981796f2742b4b7ee604ccdc47e5)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/2e32aa54
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/2e32aa54
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/2e32aa54

Branch: refs/heads/branch-2
Commit: 2e32aa5475ebf0d6d0e001f8b7c9192dae036156
Parents: 95d30a6
Author: Harsh J <harsh@cloudera.com>
Authored: Thu Mar 10 17:05:09 2016 +0530
Committer: Harsh J <harsh@cloudera.com>
Committed: Thu Mar 10 17:09:56 2016 +0530

----------------------------------------------------------------------
 .../security/authorize/ServiceAuthorizationManager.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/2e32aa54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
index 5d29516..9da95dc 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
@@ -116,11 +116,13 @@ public class ServiceAuthorizationManager {
     }
     if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||

        acls.length != 2  || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user))
{
-      AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
-          + ", expected client Kerberos principal is " + clientPrincipal);
-      throw new AuthorizationException("User " + user + 
-          " is not authorized for protocol " + protocol + 
-          ", expected client Kerberos principal is " + clientPrincipal);
+      String cause = clientPrincipal != null ?
+          ": this service is only accessible by " + clientPrincipal :
+          ": denied by configured ACL";
+      AUDITLOG.warn(AUTHZ_FAILED_FOR + user
+          + " for protocol=" + protocol + cause);
+      throw new AuthorizationException("User " + user +
+          " is not authorized for protocol " + protocol + cause);
     }
     if (addr != null) {
       String hostAddress = addr.getHostAddress();


Mime
View raw message