FAQ
Repository: hive
Updated Branches:
   refs/heads/branch-2.0 c00fcc389 -> 9ca30cf14


HIVE-13401: Kerberized HS2 with LDAP auth enabled fails kerberos/delegation token authentication (Chaoyu Tang, reviewed by Szehon Ho)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/9ca30cf1
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/9ca30cf1
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/9ca30cf1

Branch: refs/heads/branch-2.0
Commit: 9ca30cf14044e0442434a9d664af196e02da59ad
Parents: c00fcc3
Author: ctang <ctang@cloudera.com>
Authored: Wed Apr 6 08:58:20 2016 -0400
Committer: ctang <ctang@cloudera.com>
Committed: Wed Apr 6 08:58:20 2016 -0400

----------------------------------------------------------------------
  .../minikdc/TestJdbcNonKrbSASLWithMiniKdc.java | 103 +++++++++++++++++++
  1 file changed, 103 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/9ca30cf1/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcNonKrbSASLWithMiniKdc.java
----------------------------------------------------------------------
diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcNonKrbSASLWithMiniKdc.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcNonKrbSASLWithMiniKdc.java
new file mode 100644
index 0000000..1c1beda
--- /dev/null
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcNonKrbSASLWithMiniKdc.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hive.minikdc;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import java.sql.DriverManager;
+import java.sql.SQLException;
+
+import javax.security.sasl.AuthenticationException;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hive.jdbc.miniHS2.MiniHS2;
+import org.apache.hive.service.auth.PasswdAuthenticationProvider;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestJdbcNonKrbSASLWithMiniKdc extends TestJdbcWithMiniKdc{
+
+ public static class CustomAuthenticator implements PasswdAuthenticationProvider {
+ @Override
+ public void Authenticate(String user, String password) throws AuthenticationException {
+ if (!("nonkrbuser".equals(user) && "mypwd".equals(password))) {
+ throw new AuthenticationException("Authentication failed");
+ }
+ }
+ }
+
+ @BeforeClass
+ public static void beforeTest() throws Exception {
+ Class.forName(MiniHS2.getJdbcDriverName());
+ confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname,
+ SessionHookTest.class.getName());
+ confOverlay.put(ConfVars.HIVE_SERVER2_CUSTOM_AUTHENTICATION_CLASS.varname,
+ CustomAuthenticator.class.getName());
+ HiveConf hiveConf = new HiveConf();
+ miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
+ miniHS2 = MiniHiveKdc.getMiniHS2WithKerbWithRemoteHMS(miniHiveKdc, hiveConf, "CUSTOM");
+ miniHS2.start(confOverlay);
+ }
+
+ /***
+ * Test a nonkrb user could login the kerberized HS2 with authentication type SASL NONE
+ * @throws Exception
+ */
+ @Test
+ public void testNonKrbSASLAuth() throws Exception {
+ hs2Conn = DriverManager.getConnection(miniHS2.getBaseJdbcURL() + "default;user=nonkrbuser;password=mypwd");
+ verifyProperty(SESSION_USER_NAME, "nonkrbuser");
+ hs2Conn.close();
+ }
+
+ /***
+ * Negative test, verify that connection to secure HS2 fails if it is noSasl
+ * @throws Exception
+ */
+ @Test
+ public void testNoSaslConnectionNeg() throws Exception {
+ try {
+ String url = miniHS2.getBaseJdbcURL() + "default;auth=noSasl";
+ hs2Conn = DriverManager.getConnection(url);
+ fail("noSasl connection should fail");
+ } catch (SQLException e) {
+ // expected error
+ assertEquals("08S01", e.getSQLState().trim());
+ }
+ }
+
+ /***
+ * Negative test, verify that NonKrb connection to secure HS2 fails if it is
+ * user/pwd do not match.
+ * @throws Exception
+ */
+ @Test
+ public void testNoKrbConnectionNeg() throws Exception {
+ try {
+ String url = miniHS2.getBaseJdbcURL() + "default;user=wronguser;pwd=mypwd";
+ hs2Conn = DriverManager.getConnection(url);
+ fail("noSasl connection should fail");
+ } catch (SQLException e) {
+ // expected error
+ assertEquals("08S01", e.getSQLState().trim());
+ }
+ }
+}
\ No newline at end of file

Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 3 | next ›
Discussion Overview
groupcommits @
categorieshive, hadoop
postedApr 6, '16 at 12:58p
activeApr 9, '16 at 1:25p
posts3
users1
websitehive.apache.org

1 user in discussion

Ctang: 3 posts

People

Translate

site design / logo © 2021 Grokbase