commit 4f894f0331bc93ce405643ba538c41bf234fe831 Author: Daniel Dai Date: Tue Aug 14 23:21:33 2018 -0700 HIVE-14898: HS2 shouldn't log callstack for an empty auth header error Change-Id: I8a821ae162a45204b7d4a6cb091eee094b1f56cd diff --git a/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java new file mode 100644 index 0000000..b6b71bc --- /dev/null +++ b/service/src/java/org/apache/hive/service/auth/ldap/HttpEmptyAuthenticationException.java @@ -0,0 +1,23 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hive.service.auth.ldap; + +import org.apache.hive.service.auth.HttpAuthenticationException; + +public class HttpEmptyAuthenticationException extends HttpAuthenticationException { + + public HttpEmptyAuthenticationException(String msg) { + super(msg); + } +} diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index 70ffa3c..ffc5ef4 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -53,6 +53,7 @@ import org.apache.hive.service.auth.HttpAuthUtils; import org.apache.hive.service.auth.HttpAuthenticationException; import org.apache.hive.service.auth.PasswdAuthenticationProvider; +import org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException; import org.apache.hive.service.cli.HiveSQLException; import org.apache.hive.service.cli.session.SessionManager; import org.apache.thrift.TProcessor; @@ -207,7 +208,11 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) super.doPost(request, response); } catch (HttpAuthenticationException e) { - LOG.error("Error: ", e); + // Ignore HttpEmptyAuthenticationException, it is normal for knox + // to send a request with empty header + if (!(e instanceof HttpEmptyAuthenticationException)) { + LOG.error("Error: ", e); + } // Send a 401 to the client response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if(isKerberosAuthMode(authType)) { @@ -404,6 +409,9 @@ private String doKerberosAuth(HttpServletRequest request) try { return serviceUGI.doAs(new HttpKerberosServerAction(request, serviceUGI)); } catch (Exception e) { + if (e.getCause() instanceof HttpEmptyAuthenticationException) { + throw (HttpEmptyAuthenticationException)e.getCause(); + } LOG.error("Failed to authenticate with hive/_HOST kerberos principal"); throw new HttpAuthenticationException(e); } @@ -546,7 +554,7 @@ private String getAuthHeader(HttpServletRequest request, String authType) String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION); // Each http request must have an Authorization header if (authHeader == null || authHeader.isEmpty()) { - throw new HttpAuthenticationException("Authorization header received " + + throw new HttpEmptyAuthenticationException("Authorization header received " + "from the client is empty."); }