[jira] [Updated] (HIVE-14898) HS2 shouldn't log callstack for an empty auth header error

Daniel Dai (JIRA) Tue, 14 Aug 2018 23:23:15 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-14898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Daniel Dai updated HIVE-14898:
------------------------------
    Target Version/s: 4.0.0
              Status: Patch Available  (was: Open)

> HS2 shouldn't log callstack for an empty auth header error
> ----------------------------------------------------------
>
>                 Key: HIVE-14898
>                 URL: https://issues.apache.org/jira/browse/HIVE-14898
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Sergey Shelukhin
>            Assignee: Daniel Dai
>            Priority: Major
>         Attachments: HIVE-14898.1.patch
>
>
> Currently when the auth header is not sent by the client (Knox seems to do 
> this every time - it only adds auth header after receiving 401), HS2 logs the 
> following twice, for two principals.
> The callstack is useless because this is an expected condition and 401 is 
> returned to the client.
> {noformat}
> 2016-10-05 15:32:02,408 ERROR [HiveServer2-HttpHandler-Pool: Thread-199]: 
> thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(169)) - 
> Failed to authenticate with hive/_HOST kerberos principal
> 2016-10-05 15:32:02,408 ERROR [HiveServer2-HttpHandler-Pool: Thread-199]: 
> thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(104)) - Error: 
> org.apache.hive.service.auth.HttpAuthenticationException: 
> java.lang.reflect.UndeclaredThrowableException
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:170)
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:83)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>       at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
>       at org.eclipse.jetty.server.Server.handle(Server.java:349)
>       at 
> org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
>       at 
> org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
>       at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:952)
>       at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
>       at 
> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
>       at 
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
>       at 
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.reflect.UndeclaredThrowableException
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1686)
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:167)
>       ... 23 more
> Caused by: org.apache.hive.service.auth.HttpAuthenticationException: 
> Authorization header received from the client is empty.
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:311)
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:59)
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:212)
>       at 
> org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:175)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
>       ... 24 more
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (HIVE-14898) HS2 shouldn't log callstack for an empty auth header error

Reply via email to