hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From x..@apache.org
Subject [23/50] [abbrv] hive git commit: HIVE-11875: JDBC Driver does not honor delegation token mechanism when readings params from ZooKeeper (Vaibhav Gumashta reviewed by Jason Dere)
Date Fri, 25 Sep 2015 01:40:01 GMT
HIVE-11875: JDBC Driver does not honor delegation token mechanism when readings params from
ZooKeeper (Vaibhav Gumashta reviewed by Jason Dere)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/514ab795
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/514ab795
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/514ab795

Branch: refs/heads/beeline-cli
Commit: 514ab795ffd03a72803f878eac57e3cf82b80045
Parents: 2a65989
Author: Vaibhav Gumashta <vgumashta@apache.org>
Authored: Mon Sep 21 17:00:24 2015 -0700
Committer: Vaibhav Gumashta <vgumashta@apache.org>
Committed: Mon Sep 21 17:00:24 2015 -0700

----------------------------------------------------------------------
 .../hive/jdbc/ZooKeeperHiveClientHelper.java    | 32 ++++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/514ab795/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
index eeb3cf9..4712d2e 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
@@ -137,20 +137,32 @@ class ZooKeeperHiveClientHelper {
             && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.USE_SSL)))
{
           connParams.getSessionVars().put(JdbcConnectionParams.USE_SSL, matcher.group(2));
         }
-        // Set authentication configs
-        // Note that in JDBC driver, we have 3 auth modes: NOSASL, Kerberos and password
based
-        // The use of "JdbcConnectionParams.AUTH_TYPE=JdbcConnectionParams.AUTH_SIMPLE" picks
NOSASL
-        // The presence of "JdbcConnectionParams.AUTH_PRINCIPAL=<principal>" picks
Kerberos
-        // Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
-        if ((matcher.group(1).equals("hive.server2.authentication"))
-            && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE)))
{
-          if (matcher.group(2).equalsIgnoreCase("NOSASL")) {
+        /**
+         * Note: this is pretty messy, but sticking to the current implementation.
+         * Set authentication configs. Note that in JDBC driver, we have 3 auth modes: NOSASL,
+         * Kerberos (including delegation token mechanism) and password based.
+         * The use of JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_SIMPLE picks
NOSASL.
+         * The presence of JdbcConnectionParams.AUTH_PRINCIPAL==<principal> picks Kerberos.
+         * If principal is absent, the presence of
+         * JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_TOKEN uses delegation
token.
+         * Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
+         */
+        if (matcher.group(1).equals("hive.server2.authentication")) {
+          // NOSASL
+          if (matcher.group(2).equalsIgnoreCase("NOSASL")
+              && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE)
&& connParams
+                  .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+                  .equalsIgnoreCase(JdbcConnectionParams.AUTH_SIMPLE))) {
             connParams.getSessionVars().put(JdbcConnectionParams.AUTH_TYPE,
                 JdbcConnectionParams.AUTH_SIMPLE);
           }
         }
-        // Set server's kerberos principal
-        if ((matcher.group(1).equals("hive.server2.authentication.kerberos.principal"))
+        // KERBEROS
+        // If delegation token is passed from the client side, do not set the principal
+        if (matcher.group(2).equalsIgnoreCase("hive.server2.authentication.kerberos.principal")
+            && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE)
&& connParams
+                .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+                .equalsIgnoreCase(JdbcConnectionParams.AUTH_TOKEN))
             && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)))
{
           connParams.getSessionVars().put(JdbcConnectionParams.AUTH_PRINCIPAL, matcher.group(2));
         }


Mime
View raw message