drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4280) Kerberos Authentication
Date Tue, 01 Nov 2016 16:38:59 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15625931#comment-15625931
] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r85852510
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/security/AuthenticationMechanismFactory.java
---
    @@ -0,0 +1,169 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.security;
    +
    +import com.google.common.base.Function;
    +import com.google.common.base.Strings;
    +import com.google.common.collect.Iterators;
    +import com.google.common.collect.Sets;
    +import org.apache.drill.common.AutoCloseables;
    +import org.apache.drill.common.config.DrillConfig;
    +import org.apache.drill.common.map.CaseInsensitiveMap;
    +import org.apache.drill.common.scanner.persistence.ScanResult;
    +import org.apache.drill.exec.ExecConstants;
    +import org.apache.drill.exec.exception.DrillbitStartupException;
    +import org.apache.drill.exec.rpc.security.plain.PlainMechanism;
    +import org.apache.drill.exec.rpc.user.security.UserAuthenticator;
    +import org.apache.drill.exec.rpc.user.security.UserAuthenticatorFactory;
    +import org.apache.drill.exec.security.LoginManager;
    +
    +import javax.annotation.Nullable;
    +import java.lang.reflect.Constructor;
    +import java.lang.reflect.InvocationTargetException;
    +import java.util.Collection;
    +import java.util.List;
    +import java.util.Map;
    +import java.util.Set;
    +
    +public class AuthenticationMechanismFactory implements AutoCloseable {
    +  private static final org.slf4j.Logger logger =
    +      org.slf4j.LoggerFactory.getLogger(AuthenticationMechanismFactory.class);
    +
    +  public static final String AUTHENTICATION_MECHANISMS = "drill.exec.security.auth.mechanisms";
    +
    +  // Mapping: SASL name -> mechanism
    +  // See AuthenticationMechanism#getMechanismName
    +  private final Map<String, AuthenticationMechanism> mechanisms = CaseInsensitiveMap.newHashMapWithExpectedSize(5);
    +
    +  @SuppressWarnings("unchecked")
    +  public AuthenticationMechanismFactory(final DrillConfig config, final ScanResult scan,
    +                                        final LoginManager loginManager) throws DrillbitStartupException
{
    +    if (!config.hasPath(ExecConstants.AUTHENTICATION_MECHANISMS)) {
    +      return;
    +    }
    +
    +    final List<String> configuredMechanisms = config.getStringList(ExecConstants.AUTHENTICATION_MECHANISMS);
    +    logger.debug("Configuring authentication mechanisms: {}", configuredMechanisms);
    +    // transform all names to uppercase
    +    final Set<String> configuredMechanismsSet = Sets.newHashSet(Iterators.transform(configuredMechanisms.iterator(),
    +        new Function<String, String>() {
    +          @Nullable
    +          @Override
    +          public String apply(@Nullable String input) {
    +            return input == null ? null : input.toUpperCase();
    +          }
    +        }));
    +
    +    // PLAIN mechanism need special handling due to UserAuthenticator
    +    if (configuredMechanismsSet.contains(PlainMechanism.MECHANISM_NAME)) {
    +      // instantiated here, but closed in PlainMechanism#close
    +      final UserAuthenticator userAuthenticator = UserAuthenticatorFactory.createAuthenticator(config,
scan);
    +      final PlainMechanism mechanism = new PlainMechanism(userAuthenticator);
    +      mechanisms.put(PlainMechanism.MECHANISM_NAME, mechanism);
    +      configuredMechanismsSet.remove(PlainMechanism.MECHANISM_NAME);
    --- End diff --
    
    Done.


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Chunhui Shi
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means that both
the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos.
For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic
Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse
of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message