Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Invalid
-
0.6
-
None
-
None
Description
Sample response is:
2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Url: http://ip-172-31-47-32.ec2.internal:15000/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon (BaseRequest:163) 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Method: DELETE (BaseRequest:164) 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Header: Name=Content-Type Value=text/xml (BaseRequest:167) 2014-10-29 15:20:28,518 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Header: Name=Cookie Value=hadoop.auth=u=falcon&p=falcon&t=simple&e=1414632028513&s=1nC83wrEf/iOQvualO/fPAH4qE4= (BaseRequest:167) 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Status: HTTP/1.1 400 Bad Request (BaseRequest:193) 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Content-Type Value=text/xml (BaseRequest:195) 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=requestId Value=114790f0-0b80-43c0-9899-042705741916 (BaseRequest:195) 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Content-Length Value=263 (BaseRequest:195) 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Server Value=Jetty(6.1.26.hwx) (BaseRequest:195) Warning: org.apache.xerces.parsers.SAXParser: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized. Warning: org.apache.xerces.parsers.SAXParser: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized. 2014-10-29 15:20:28,675 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ The web service response is: <?xml version="1.0" encoding="UTF-8"?><result> <status>FAILED</status> <message>org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon</message> </result> (ServiceResponse:86)
Relevant log from falcon.application.log:
2014-10-29 15:20:28,526 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Logging in falcon (CurrentUser:69) 2014-10-29 15:20:28,526 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Request from user: falcon, URL=/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon (FalconAuthenticationFilter:181) 2014-10-29 15:20:28,526 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Authorizing user=falcon against request=RequestParts{resource='entities', action='delete', entityName='agregator-coord16-22ceac97', entityType='process'} (FalconAuthorizationFilter:70) 2014-10-29 15:20:28,527 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Authorizing authenticatedUser=falcon, against resource=entities, action=delete, entity name=agregator-coord16-22ceac97, entity type=process (DefaultAuthorizationProvider:125) 2014-10-29 15:20:28,528 DEBUG - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Invoking method delete on service org.apache.falcon.resource.ConfigSyncService (IPCChannel:45) 2014-10-29 15:20:28,669 ERROR - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Unable to reach workflow engine for deletion or deletion failed (AbstractEntityManager:228) org.apache.falcon.FalconException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon at org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:600) at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:269) at org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:367) at org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:361) at org.apache.falcon.workflow.engine.OozieWorkflowEngine.delete(OozieWorkflowEngine.java:345) at org.apache.falcon.resource.AbstractEntityManager.delete(AbstractEntityManager.java:215) at org.apache.falcon.resource.ConfigSyncService.delete(ConfigSyncService.java:56) at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.falcon.resource.channel.IPCChannel.invoke(IPCChannel.java:49) at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.doExecute(SchedulableEntityManagerProxy.java:182) at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$EntityProxy.execute(SchedulableEntityManagerProxy.java:447) at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.execute(SchedulableEntityManagerProxy.java:172) at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete_aroundBody2(SchedulableEntityManagerProxy.java:184) at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$AjcClosure3.run(SchedulableEntityManagerProxy.java:1) at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) at org.apache.falcon.aspect.AbstractFalconAspect.logAroundMonitored(AbstractFalconAspect.java:51) at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete(SchedulableEntityManagerProxy.java:159) at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221) at org.apache.falcon.security.FalconAuthorizationFilter.doFilter(FalconAuthorizationFilter.java:80) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212) at org.apache.falcon.security.FalconAuthenticationFilter$2.doFilter(FalconAuthenticationFilter.java:184) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:572) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:542) at org.apache.falcon.security.FalconAuthenticationFilter.doFilter(FalconAuthenticationFilter.java:193) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212) at org.apache.falcon.security.FalconAuditFilter.doFilter(FalconAuditFilter.java:65) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon at org.apache.hadoop.ipc.Client.call(Client.java:1468) at org.apache.hadoop.ipc.Client.call(Client.java:1399) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232) at com.sun.proxy.$Proxy27.getListing(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getListing(ClientNamenodeProtocolTranslatorPB.java:554) at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:187) at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102) at com.sun.proxy.$Proxy28.getListing(Unknown Source) at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1947) at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1930) at org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:693) at org.apache.hadoop.hdfs.DistributedFileSystem.access$600(DistributedFileSystem.java:105) at org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:755) at org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:751) at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81) at org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:751) at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1485) at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1525) at org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:589) ... 62 more 2014-10-29 15:20:28,670 ERROR - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Action failed: Bad Request Error: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon (FalconWebException:68) 2014-10-29 15:20:28,670 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ {Action:delete, Dimensions:{entityType=process, colo=NULL, entityName=agregator-coord16-22ceac97}, Status: FAILED, Time-taken:142594851 ns} (METRIC:38) 2014-10-29 15:20:28,671 DEBUG - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916] ~ Audit: falcon/172.31.47.32 performed request
Attachments
Attachments
Issue Links
- is related to
-
FALCON-851 Super user authorization is broken
- Resolved