From 27e48746c8b46645595ddc84eceb4691ac162129 Mon Sep 17 00:00:00 2001
From: Reid Chan
Date: Tue, 19 Dec 2017 10:52:41 +0800
Subject: [PATCH] HBASE-17513 Thrift Server 1 uses different QOP settings than RPC and Thrift Server 2 and can easily be misconfigured so there is no encryption when the operator expects it
---
 .../java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 98e62eb206..4e9c3bd9a1 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -361,6 +361,12 @@ public class ThriftServerRunner implements Runnable {
 throw new IOException("Thrift server must"
 + " run in secure mode to support authentication");
 }
+ if (qop == QualityOfProtection.PRIVACY &&
+ conf.getBoolean(USE_HTTP_CONF_KEY, false) &&
+ !conf.getBoolean(THRIFT_SSL_ENABLED, false)) {
+ throw new IOException("Thrift HTTP Server's QoP of is privacy, but " +
+ THRIFT_SSL_ENABLED + " is false.");
+ }
 }
 }
--
2.15.0
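Review bot: The added guard rejects only `QualityOfProtection.PRIVACY`, so an HTTP-mode server configured for integrity with `THRIFT_SSL_ENABLED` false still starts. If the HTTP transport applies no SASL QOP at all (which this check suggests, though the transport setup is outside the hunk), that integrity setting is silently unenforced in the same way. Consider widening the condition to `qop != QualityOfProtection.AUTHENTICATION`, or add a comment saying why integrity is exempt. The exception text is also garbled ("QoP of is privacy") and does not say what to change; something like `"Thrift HTTP server is configured with QoP privacy, which requires TLS, but " + THRIFT_SSL_ENABLED + " is false."` would be clearer. The enclosing method starts outside this hunk, so how `qop` is derived could not be checked here.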