Details
Type: Brainstorming
Status: Resolved
Priority: Minor
Resolution: Not A Problem
Description
In other methods such as SimpleServerRpcConnection.saslReadAndProcess, they always record "AUTH_FAILED_FOR" for an exception, and "AUTH_SUCCESSFUL_FOR" after the task is completed, like this:
    private void saslReadAndProcess(ByteBuff saslToken) throws IOException, InterruptedException {
      ......
      } catch (IOException e) {
        ......
        // attempting user could be null
        RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR, clientIP,
          saslServer.getAttemptingUser());
        throw e;
      }
      ......
      if (saslServer.isComplete()) {
        ......
        RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
        ......
      }
      }
    }
But NettyHBaseSaslRpcServerHandler.channelRead0 only records "AUTH_SUCCESSFUL_FOR" in finishSaslNegotiation, and just throws an Exception without recording "AUTH_FAILED_FOR":
    protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
      ......
      if (saslServer.isComplete()) {
        conn.finishSaslNegotiation();
        ......
      }
    }

    void finishSaslNegotiation() throws IOException {
      ......
      RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
    }
So I think an exceptionCaught should be called here:
    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
      LOG.error("Error when doing SASL handshade, provider={}", conn.provider, cause);
      Throwable sendToClient = HBaseSaslRpcServer.unwrap(cause);
      doResponse(ctx, SaslStatus.ERROR, null, sendToClient.getClass().getName(),
        sendToClient.getLocalizedMessage());
      rpcServer.metrics.authenticationFailure();
      String clientIP = this.toString();
      // attempting user could be null
      RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR, clientIP,
        conn.saslServer != null ? conn.saslServer.getAttemptingUser() : "Unknown");
      NettyFutureUtils.safeClose(ctx);
    }
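An added example (not part of the original issue or of HBase's code) of how a log consumer reads the two audit records discussed above and flags clients with repeated failures; a code path that emits only the success record contributes nothing to the failure counts. The literal prefix strings, the log line prefix, and the sample lines are assumptions constructed for illustration; the page shows only the constant names and the "{}{}: {}" layout.

```python
import re
from collections import Counter

# Assumed literal values of RpcServer.AUTH_FAILED_FOR / AUTH_SUCCESSFUL_FOR;
# the issue text shows only the constant names.
AUTH_FAILED_FOR = "Auth failed for "
AUTH_SUCCESSFUL_FOR = "Auth successful for "

# Mirrors AUDITLOG.warn("{}{}: {}", AUTH_FAILED_FOR, clientIP, attemptingUser)
FAILED_RE = re.compile(re.escape(AUTH_FAILED_FOR) + r"(?P<client>\S+): (?P<user>.*)$")
# Mirrors AUDITLOG.info(AUTH_SUCCESSFUL_FOR + ugi)
SUCCESS_RE = re.compile(re.escape(AUTH_SUCCESSFUL_FOR) + r"(?P<ugi>.+)$")

def summarize(lines):
    """Return (failed, succeeded) counters built from audit log lines."""
    failed = Counter()     # (client, attempting user or None) -> count
    succeeded = Counter()  # ugi string -> count
    for line in lines:
        line = line.rstrip("\n")
        m = FAILED_RE.search(line)
        if m:
            user = m.group("user")
            # "attempting user could be null": SLF4J renders null as "null"
            failed[(m.group("client"), None if user in ("", "null") else user)] += 1
            continue
        m = SUCCESS_RE.search(line)
        if m:
            succeeded[m.group("ugi")] += 1
    return failed, succeeded

def repeated_failures(failed, threshold):
    """Clients whose total failure count reaches the threshold."""
    per_client = Counter()
    for (client, _user), n in failed.items():
        per_client[client] += n
    return sorted(c for c, n in per_client.items() if n >= threshold)

# Constructed sample lines (timestamp and logger prefix are hypothetical).
SAMPLE = [
    "2024-05-01 10:00:01 WARN audit: Auth failed for 192.0.2.10: alice",
    "2024-05-01 10:00:02 WARN audit: Auth failed for 192.0.2.10: alice",
    "2024-05-01 10:00:03 WARN audit: Auth failed for 192.0.2.10: null",
    "2024-05-01 10:00:04 WARN audit: Auth failed for 192.0.2.20: bob",
    "2024-05-01 10:00:05 INFO audit: Auth successful for carol@EXAMPLE.COM (auth:KERBEROS)",
]

if __name__ == "__main__":
    failed, succeeded = summarize(SAMPLE)
    print(repeated_failures(failed, threshold=3), dict(succeeded))
```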