hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Singhi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-12811) [AccessController] NPE while scan a table with user not having READ permission on the namespace
Date Wed, 07 Jan 2015 13:11:35 GMT

     [ https://issues.apache.org/jira/browse/HBASE-12811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ashish Singhi updated HBASE-12811:
----------------------------------
    Description: 
Steps to reproduce
1) Grant a user permission(other than READ) on a namespace
2) Scan a table in that namespace from that user
we get the following exception.
{noformat}
java.lang.NullPointerException
	at org.apache.hadoop.hbase.security.access.TablePermission.implies(TablePermission.java:215)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:340)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:332)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorizeGroup(TableAuthManager.java:473)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:490)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:500)
	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:415)
	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:484)
	at org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1504)
	at org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:2027)
	at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1987)
	at org.apache.hadoop.hbase.regionserver.HRegionServer.scan(HRegionServer.java:3102)
{noformat}
*Note:* Line numbers may not match.

  was:
A user is associated with two groups.
{noformat}
/hbase/bin> groups ashish_test
ashish_test : defaultgroup ashish_test_1420524824527
{noformat}

One of its group is granted permission on a table as shown by user_permission command.
{noformat}
hbase(main):005:0> user_permission 't1'
User                                                 Table,Family,Qualifier:Permission
 @ashish_test_1420524824527                          t1,,: [Permission: actions=EXEC,WRITE,CREATE]
 @ashish_test_1420524824527                          t1,d,: [Permission: actions=EXEC,WRITE,CREATE]
 hbase                                               t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
3 row(s) in 0.3710 seconds
{noformat}

Now when this user try the scan the table, we get the following exception.
{noformat}
java.lang.NullPointerException
	at org.apache.hadoop.hbase.security.access.TablePermission.implies(TablePermission.java:215)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:340)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:332)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorizeGroup(TableAuthManager.java:473)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:490)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:500)
	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:415)
	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:484)
	at org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1504)
	at org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:2027)
	at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1987)
	at org.apache.hadoop.hbase.regionserver.HRegionServer.scan(HRegionServer.java:3102)
{noformat}
*Note:* Line numbers may not match.

Exception is coming because the other group of same user which has not been granted permission
on the table will have the TablePermission's table(name) as null.

        Summary: [AccessController] NPE while scan a table with user not having READ permission
on the namespace  (was: [AccessController] NPE while scan a table with user associated with
multiple groups.)

> [AccessController] NPE while scan a table with user not having READ permission on the
namespace
> -----------------------------------------------------------------------------------------------
>
>                 Key: HBASE-12811
>                 URL: https://issues.apache.org/jira/browse/HBASE-12811
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.98.9
>            Reporter: Ashish Singhi
>            Assignee: Ashish Singhi
>             Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
>
> Steps to reproduce
> 1) Grant a user permission(other than READ) on a namespace
> 2) Scan a table in that namespace from that user
> we get the following exception.
> {noformat}
> java.lang.NullPointerException
> 	at org.apache.hadoop.hbase.security.access.TablePermission.implies(TablePermission.java:215)
> 	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:340)
> 	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:332)
> 	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorizeGroup(TableAuthManager.java:473)
> 	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:490)
> 	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:500)
> 	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:415)
> 	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:484)
> 	at org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1504)
> 	at org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:2027)
> 	at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1987)
> 	at org.apache.hadoop.hbase.regionserver.HRegionServer.scan(HRegionServer.java:3102)
> {noformat}
> *Note:* Line numbers may not match.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message