drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5485) Remove WebServer dependency on DrillClient
Date Wed, 24 May 2017 07:04:04 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16022414#comment-16022414

ASF GitHub Bot commented on DRILL-5485:

Github user sohami commented on a diff in the pull request:

    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java
    @@ -91,13 +102,140 @@ protected void configure() {
             bind(new UserAuthEnabled(isAuthEnabled)).to(UserAuthEnabled.class);
             if (isAuthEnabled) {
    +          bindFactory(AuthWebUserConnectionProvider.class).to(WebUserConnection.class);
             } else {
    +          bindFactory(AnonWebUserConnectionProvider.class).to(WebUserConnection.class);
    +  public static class AuthWebUserConnectionProvider implements Factory<WebUserConnection>
    +    @Inject
    +    HttpServletRequest request;
    +    @Inject
    +    WorkManager workManager;
    +    @Override
    +    public WebUserConnection provide() {
    +      final HttpSession session = request.getSession();
    +      final Principal sessionUserPrincipal = request.getUserPrincipal();
    +      // If there is no valid principal this means user is not logged in yet.
    +      if (sessionUserPrincipal == null) {
    +        return null;
    +      }
    +      // User is logged in, let's check if we already have a valid UserSession.
    +      UserSession drillUserSession = (UserSession) session.getAttribute(UserSession.class.getSimpleName());
    +      // Get the close future and remote address. If user is logging in first time then
these will be null and set
    +      // below. Otherwise these will be valid instances which is re-used for the session
    +      ChannelPromise closeFuture = (ChannelPromise) session.getAttribute(ChannelPromise.class.getSimpleName());
    +      SocketAddress remoteAddress = (SocketAddress) session.getAttribute(SocketAddress.class.getSimpleName());
    +      // User is login in for the first time
    +      if (drillUserSession == null) {
    +        final DrillbitContext drillbitContext = workManager.getContext();
    +        drillUserSession = UserSession.Builder.newBuilder()
    +            .withCredentials(UserBitShared.UserCredentials.newBuilder()
    +                .setUserName(sessionUserPrincipal.getName())
    +                .build())
    +            .withOptionManager(drillbitContext.getOptionManager())
    +            .setSupportComplexTypes(drillbitContext.getConfig().getBoolean(ExecConstants.CLIENT_SUPPORT_COMPLEX_TYPES))
    --- End diff --
    For [DrillClient](https://github.com/apache/drill/blob/master/exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java#L161)
by default this is set as true based on the config only. I looked into the usage and based
on this property in session, if false planner will introduce a project node to convert complex
types to JSON string. On WebServer when data batch is received we convert each data type to
it's string format (even the complex types). Hence it does support complex types since WebClient
now will see all the data in Json string format and should be fine.

> Remove WebServer dependency on DrillClient
> ------------------------------------------
>                 Key: DRILL-5485
>                 URL: https://issues.apache.org/jira/browse/DRILL-5485
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Web Server
>            Reporter: Sorabh Hamirwasia
>             Fix For: 1.11.0
> With encryption support using SASL, client's won't be able to authenticate using PLAIN
mechanism when encryption is enabled on the cluster. Today WebServer which is embedded inside
Drillbit creates a DrillClient instance for each WebClient session. And the WebUser is authenticated
as part of authentication between DrillClient instance and Drillbit using PLAIN mechanism.
But with encryption enabled this will fail since encryption doesn't support authentication
using PLAN mechanism, hence no WebClient can connect to a Drillbit. There are below issues
as well with this approach:
> 1) Since DrillClient is used per WebUser session this is expensive as it has heavyweight
RPC layer for DrillClient and all it's dependencies. 
> 2) If the Foreman for a WebUser is also selected to be a different node then there will
be extra hop of transferring data back to WebClient.
> To resolve all the above issue it would be better to authenticate the WebUser locally
using the Drillbit on which WebServer is running without creating DrillClient instance. We
can use the local PAMAuthenticator to authenticate the user. After authentication is successful
the local Drillbit can also serve as the Foreman for all the queries submitted by WebUser.
This can be achieved by submitting the query to the local Drillbit Foreman work queue. This
will also remove the requirement to encrypt the channel opened between WebServer (DrillClient)
and selected Drillbit since with this approach there won't be any physical channel opened
between them.

This message was sent by Atlassian JIRA

View raw message