Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-14898

HS2 shouldn't log callstack for an empty auth header error

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 4.0.0-alpha-1
    • None
    • None
    • Reviewed

    Description

      Currently when the auth header is not sent by the client (Knox seems to do this every time - it only adds auth header after receiving 401), HS2 logs the following twice, for two principals.
      The callstack is useless because this is an expected condition and 401 is returned to the client.

      2016-10-05 15:32:02,408 ERROR [HiveServer2-HttpHandler-Pool: Thread-199]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(169)) - Failed to authenticate with hive/_HOST kerberos principal
      2016-10-05 15:32:02,408 ERROR [HiveServer2-HttpHandler-Pool: Thread-199]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(104)) - Error: 
      org.apache.hive.service.auth.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:170)
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:83)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
      	at org.eclipse.jetty.server.Server.handle(Server.java:349)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:952)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.reflect.UndeclaredThrowableException
      	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1686)
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:167)
      	... 23 more
      Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header received from the client is empty.
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:311)
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:59)
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:212)
      	at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:175)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.Subject.doAs(Subject.java:415)
      	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
      	... 24 more
      

      Attachments

        1. HIVE-14898.1.patch
          4 kB
          Daniel Dai

        Activity

          People

            daijy Daniel Dai
            sershe Sergey Shelukhin
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: