FAQ
Repository: hive
Updated Branches:
   refs/heads/branch-1 0d1a45c22 -> dbe5ac6c6


HIVE-11875: JDBC Driver does not honor delegation token mechanism when readings params from ZooKeeper (Vaibhav Gumashta reviewed by Jason Dere)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/dbe5ac6c
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/dbe5ac6c
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/dbe5ac6c

Branch: refs/heads/branch-1
Commit: dbe5ac6c62fa5ce03d771aa0e7e243b0addd37ba
Parents: 0d1a45c
Author: Vaibhav Gumashta <vgumashta@apache.org>
Authored: Mon Sep 21 17:00:24 2015 -0700
Committer: Vaibhav Gumashta <vgumashta@apache.org>
Committed: Mon Sep 21 17:04:14 2015 -0700

----------------------------------------------------------------------
  .../hive/jdbc/ZooKeeperHiveClientHelper.java | 32 ++++++++++++++------
  1 file changed, 22 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/dbe5ac6c/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
index eeb3cf9..4712d2e 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
@@ -137,20 +137,32 @@ class ZooKeeperHiveClientHelper {
              && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.USE_SSL))) {
            connParams.getSessionVars().put(JdbcConnectionParams.USE_SSL, matcher.group(2));
          }
- // Set authentication configs
- // Note that in JDBC driver, we have 3 auth modes: NOSASL, Kerberos and password based
- // The use of "JdbcConnectionParams.AUTH_TYPE=JdbcConnectionParams.AUTH_SIMPLE" picks NOSASL
- // The presence of "JdbcConnectionParams.AUTH_PRINCIPAL=<principal>" picks Kerberos
- // Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
- if ((matcher.group(1).equals("hive.server2.authentication"))
- && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE))) {
- if (matcher.group(2).equalsIgnoreCase("NOSASL")) {
+ /**
+ * Note: this is pretty messy, but sticking to the current implementation.
+ * Set authentication configs. Note that in JDBC driver, we have 3 auth modes: NOSASL,
+ * Kerberos (including delegation token mechanism) and password based.
+ * The use of JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_SIMPLE picks NOSASL.
+ * The presence of JdbcConnectionParams.AUTH_PRINCIPAL==<principal> picks Kerberos.
+ * If principal is absent, the presence of
+ * JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_TOKEN uses delegation token.
+ * Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
+ */
+ if (matcher.group(1).equals("hive.server2.authentication")) {
+ // NOSASL
+ if (matcher.group(2).equalsIgnoreCase("NOSASL")
+ && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE) && connParams
+ .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+ .equalsIgnoreCase(JdbcConnectionParams.AUTH_SIMPLE))) {
              connParams.getSessionVars().put(JdbcConnectionParams.AUTH_TYPE,
                  JdbcConnectionParams.AUTH_SIMPLE);
            }
          }
- // Set server's kerberos principal
- if ((matcher.group(1).equals("hive.server2.authentication.kerberos.principal"))
+ // KERBEROS
+ // If delegation token is passed from the client side, do not set the principal
+ if (matcher.group(2).equalsIgnoreCase("hive.server2.authentication.kerberos.principal")
+ && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE) && connParams
+ .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+ .equalsIgnoreCase(JdbcConnectionParams.AUTH_TOKEN))
              && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_PRINCIPAL))) {
            connParams.getSessionVars().put(JdbcConnectionParams.AUTH_PRINCIPAL, matcher.group(2));
          }

Search Discussions

Discussion Posts

Previous

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 2 | next ›
Discussion Overview
groupcommits @
categorieshive, hadoop
postedSep 22, '15 at 12:03a
activeSep 22, '15 at 12:04a
posts2
users1
websitehive.apache.org

1 user in discussion

Vgumashta: 2 posts

People

Translate

site design / logo © 2021 Grokbase