You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/02/10 00:30:00 UTC
[jira] [Work logged] (HIVE-27063) LDAP+JWT auth forms not supported
[ https://issues.apache.org/jira/browse/HIVE-27063?focusedWorklogId=844674&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-844674 ]
ASF GitHub Bot logged work on HIVE-27063:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 10/Feb/23 00:29
Start Date: 10/Feb/23 00:29
Worklog Time Spent: 10m
Work Description: nrg4878 opened a new pull request, #4049:
URL: https://github.com/apache/hive/pull/4049
### What changes were proposed in this pull request?
If hive.server2.authentication is just set to "LDAP,JWT", HS2 fails to start with the exception shown in the HIVE-27063
### Why are the changes needed?
There is some validation code that check to ensure that certain auth mechanisms cannot co-exist with others. This validation code does not do anything with JWT authentication. Added code to account for JWT auth as well.
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
Manually
Unit Tests
Issue Time Tracking
-------------------
Worklog Id: (was: 844674)
Remaining Estimate: 0h
Time Spent: 10m
> LDAP+JWT auth forms not supported
> ---------------------------------
>
> Key: HIVE-27063
> URL: https://issues.apache.org/jira/browse/HIVE-27063
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 4.0.0
> Reporter: Naveen Gangam
> Assignee: Naveen Gangam
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> In HIVE-25875, support for multiple authentication forms was added for Hive Server. In HIVE-25575, support for JWT authentication was added. However, setting hive.server2.authentication="JWT,LDAP" will fail with the following validation error.
> {noformat}
> <12>1 2023-02-03T09:32:11.018Z hiveserver2-0 hiveserver2 1 0393cf91-48f7-49e3-b2b1-b983000d4cd6 [mdc@18060 class="server.HiveServer2" level="WARN" thread="main"] Error starting HiveServer2 on attempt 2, will retry in 60000ms\rorg.apache.hive.service.ServiceException: Failed to Start HiveServer2
> at org.apache.hive.service.CompositeService.start(CompositeService.java:80)
> at org.apache.hive.service.server.HiveServer2.start(HiveServer2.java:692)
> at org.apache.hive.service.server.HiveServer2.startHiveServer2(HiveServer2.java:1154)
> at org.apache.hive.service.server.HiveServer2.access$1400(HiveServer2.java:145)
> at org.apache.hive.service.server.HiveServer2$StartOptionExecutor.execute(HiveServer2.java:1503)
> at org.apache.hive.service.server.HiveServer2.main(HiveServer2.java:1316)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)\r at org.apache.hadoop.util.RunJar.run(RunJar.java:318)
> at org.apache.hadoop.util.RunJar.main(RunJar.java:232)\rCaused by: java.lang.RuntimeException: Failed to init HttpServer
> at org.apache.hive.service.cli.thrift.ThriftHttpCLIService.initServer(ThriftHttpCLIService.java:239)
> at org.apache.hive.service.cli.thrift.ThriftCLIService.start(ThriftCLIService.java:235)
> at org.apache.hive.service.CompositeService.start(CompositeService.java:70) ... 11 more
> Caused by: java.lang.Exception: The authentication types have conflicts: LDAP,JWT
> at org.apache.hive.service.auth.AuthType.verifyTypes(AuthType.java:69)
> at org.apache.hive.service.auth.AuthType.<init>(AuthType.java:43)
> org.apache.hive.service.cli.thrift.ThriftHttpServlet.<init>(ThriftHttpServlet.java:124)
> at org.apache.hive.service.cli.thrift.ThriftHttpCLIService.initServer(ThriftHttpCLIService.java:197) ... 13 more
> {noformat}
> We never fixed the AuthType.validateTypes() to support this.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)