livy-reviews mailing list archives

From vanzin <...@git.apache.org>
Subject [GitHub] incubator-livy pull request #117: [LIVY-502] Remove dependency on hive-exec
Date Thu, 29 Nov 2018 00:57:16 GMT
Github user vanzin commented on a diff in the pull request:

    https://github.com/apache/incubator-livy/pull/117#discussion_r237317373
  
    --- Diff: thriftserver/server/src/main/scala/org/apache/livy/thriftserver/auth/AuthFactory.scala
---
    @@ -0,0 +1,197 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.livy.thriftserver.auth
    +
    +import java.io.IOException
    +import java.util
    +import javax.security.auth.callback._
    +import javax.security.auth.login.LoginException
    +import javax.security.sasl.{AuthorizeCallback, Sasl}
    +
    +import org.apache.hadoop.conf.Configuration
    +import org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION
    +import org.apache.hadoop.security.SaslRpcServer.AuthMethod
    +import org.apache.hive.service.auth.{SaslQOP, TSetIpAddressProcessor}
    +import org.apache.hive.service.auth.AuthenticationProviderFactory.AuthMethods
    +import org.apache.hive.service.auth.HiveAuthConstants.AuthTypes
    +import org.apache.hive.service.cli.HiveSQLException
    +import org.apache.hive.service.rpc.thrift.TCLIService
    +import org.apache.hive.service.rpc.thrift.TCLIService.Iface
    +import org.apache.thrift.{TProcessor, TProcessorFactory}
    +import org.apache.thrift.transport.{TTransport, TTransportException, TTransportFactory}
    +
    +import org.apache.livy.{LivyConf, Logging}
    +import org.apache.livy.thriftserver.cli.ThriftCLIService
    +
    +/**
    + * This class is a porting of the parts we use from `HiveAuthFactory` by Hive.
    + */
    +class AuthFactory(val conf: LivyConf) extends Logging {
    +
    +  private val authTypeStr = conf.get(LivyConf.THRIFT_AUTHENTICATION)
    +  // ShimLoader.getHadoopShims().isSecurityEnabled() will only check that
    +  // hadoopAuth is not simple, it does not guarantee it is kerberos
    +  private val hadoopAuth = new Configuration().get(HADOOP_SECURITY_AUTHENTICATION)
    +
    +  private val secretManager = if (isSASLWithKerberizedHadoop) {
    +      val sm = new LivyDelegationTokenSecretManager(conf)
    +      try {
    +        sm.startThreads()
    +      } catch {
    +        case e: IOException =>
    +          throw new TTransportException("Failed to start token manager", e)
    +      }
    +      Some(sm)
    +    } else {
    +      None
    +    }
    +
    +  private val saslServer: Option[AuthBridgeServer] = secretManager.map { sm =>
    +      new AuthBridgeServer(sm)
    +    }
    +
    +  def getSaslProperties: util.Map[String, String] = {
    +    val saslProps = new util.HashMap[String, String]
    +    val saslQOP = SaslQOP.fromString(conf.get(LivyConf.THRIFT_SASL_QOP))
    +    saslProps.put(Sasl.QOP, saslQOP.toString)
    +    saslProps.put(Sasl.SERVER_AUTH, "true")
    +    saslProps
    +  }
    +
    +  @throws[LoginException]
    +  def getAuthTransFactory: TTransportFactory = {
    +    val isAuthKerberos = authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName)
    +    val isAuthNoSASL = authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName)
    +    // TODO: add LDAP and PAM when supported
    +    val isAuthOther = authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName) ||
    +      authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName)
    +
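Review bot: The three `equalsIgnoreCase` checks at the top of `getAuthTransFactory` leave every flag false when `LivyConf.THRIFT_AUTHENTICATION` holds a misspelled or unsupported value. What the server does in that case is decided by a branch outside this hunk, since the method body continues past the quoted lines. For an authentication setting that branch has to fail closed rather than fall back to a weaker transport. Resolving `authTypeStr` once with a `match` when the class is constructed would make the rejection explicit and stop startup before any transport is opened, with a final case such as `case other => throw new LoginException(s"Unsupported authentication type: $other")`. Logging the resolved type at startup would also let operators confirm that the intended mechanism is the one in effect.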
    --- End diff --
    
    too many empty lines


---
