hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Shelukhin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-14898) HS2 shouldn't log callstack for an empty auth header error
Date Thu, 06 Oct 2016 00:03:20 GMT

    [ https://issues.apache.org/jira/browse/HIVE-14898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15550359#comment-15550359
] 

Sergey Shelukhin commented on HIVE-14898:
-----------------------------------------

[~thejas] fyi

> HS2 shouldn't log callstack for an empty auth header error
> ----------------------------------------------------------
>
>                 Key: HIVE-14898
>                 URL: https://issues.apache.org/jira/browse/HIVE-14898
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Sergey Shelukhin
>
> Currently when the auth header is not sent by the client (Knox seems to do this every
time - it only adds auth header after receiving 401), HS2 logs the following twice, for two
principals.
> The callstack is useless because this is an expected condition and 401 is returned to
the client.
> {noformat}
> 2016-10-05 15:32:02,408 ERROR [HiveServer2-HttpHandler-Pool: Thread-199]: thrift.ThriftHttpServlet
(ThriftHttpServlet.java:doKerberosAuth(169)) - Failed to authenticate with hive/_HOST kerberos
principal
> 2016-10-05 15:32:02,408 ERROR [HiveServer2-HttpHandler-Pool: Thread-199]: thrift.ThriftHttpServlet
(ThriftHttpServlet.java:doPost(104)) - Error: 
> org.apache.hive.service.auth.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:170)
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:83)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565)
> 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479)
> 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
> 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
> 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
> 	at org.eclipse.jetty.server.Server.handle(Server.java:349)
> 	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
> 	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
> 	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:952)
> 	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
> 	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
> 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
> 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.reflect.UndeclaredThrowableException
> 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1686)
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:167)
> 	... 23 more
> Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header
received from the client is empty.
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:311)
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:59)
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:212)
> 	at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:175)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:415)
> 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
> 	... 24 more
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message