You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hive.apache.org by vg...@apache.org on 2014/10/03 07:46:34 UTC

svn commit: r1629116 - /hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java

Author: vgumashta
Date: Fri Oct  3 05:46:33 2014
New Revision: 1629116

URL: http://svn.apache.org/r1629116
Log:
HIVE-6799: HiveServer2 needs to map kerberos name to local name before proxy check (Dilli Arumugam reviewed by Vaibhav Gumashta)

Modified:
    hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java

Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java?rev=1629116&r1=1629115&r2=1629116&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java Fri Oct  3 05:46:33 2014
@@ -23,6 +23,7 @@ import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
 import java.util.HashMap;
 import java.util.Map;
+
 import javax.security.auth.login.LoginException;
 import javax.security.sasl.Sasl;
 
@@ -31,6 +32,7 @@ import org.apache.hadoop.hive.conf.HiveC
 import org.apache.hadoop.hive.shims.ShimLoader;
 import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.apache.hive.service.cli.HiveSQLException;
 import org.apache.hive.service.cli.thrift.ThriftCLIService;
 import org.apache.thrift.TProcessorFactory;
@@ -289,7 +291,9 @@ public class HiveAuthFactory {
     try {
       UserGroupInformation sessionUgi;
       if (ShimLoader.getHadoopShims().isSecurityEnabled()) {
-        sessionUgi = ShimLoader.getHadoopShims().createProxyUser(realUser);
+    	KerberosName kerbName = new KerberosName(realUser);
+    	String shortPrincipalName = kerbName.getServiceName();
+        sessionUgi = ShimLoader.getHadoopShims().createProxyUser(shortPrincipalName);
       } else {
         sessionUgi = ShimLoader.getHadoopShims().createRemoteUser(realUser, null);
       }
@@ -302,5 +306,5 @@ public class HiveAuthFactory {
         "Failed to validate proxy privilege of " + realUser + " for " + proxyUser, e);
     }
   }
-
+  
 }