Posted to commits@hive.apache.org by vg...@apache.org on 2014/10/03 07:46:34 UTC
svn commit: r1629116 -
/hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
Author: vgumashta
Date: Fri Oct 3 05:46:33 2014
New Revision: 1629116
URL: http://svn.apache.org/r1629116
Log:
HIVE-6799: HiveServer2 needs to map kerberos name to local name before proxy check (Dilli Arumugam reviewed by Vaibhav Gumashta)
Modified:
hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java?rev=1629116&r1=1629115&r2=1629116&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java Fri Oct 3 05:46:33 2014
@@ -23,6 +23,7 @@ import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
+
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
@@ -31,6 +32,7 @@ import org.apache.hadoop.hive.conf.HiveC
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hive.service.cli.HiveSQLException;
import org.apache.hive.service.cli.thrift.ThriftCLIService;
import org.apache.thrift.TProcessorFactory;
@@ -289,7 +291,9 @@ public class HiveAuthFactory {
try {
UserGroupInformation sessionUgi;
if (ShimLoader.getHadoopShims().isSecurityEnabled()) {
- sessionUgi = ShimLoader.getHadoopShims().createProxyUser(realUser);
+ KerberosName kerbName = new KerberosName(realUser);
+ String shortPrincipalName = kerbName.getServiceName();
+ sessionUgi = ShimLoader.getHadoopShims().createProxyUser(shortPrincipalName);
} else {
sessionUgi = ShimLoader.getHadoopShims().createRemoteUser(realUser, null);
}
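Review bot: `kerbName.getServiceName()` returns only the first component of the principal, so `shortPrincipalName` is not the local name the configured auth_to_local rules would produce, although the commit log describes mapping the Kerberos name to a local name. The realm is dropped without being checked and no mapping rule is applied, so the proxy-privilege check may be evaluated for a different identity than the one Hadoop resolves for the same principal. This matters for principals from another realm and for rules that rename users. Consider `String shortPrincipalName = kerbName.getShortName();`, which applies the rules. `getShortName()` declares `IOException`, so the surrounding catch, which lies outside this hunk, would need to cover it. Separately, a comment above the `createProxyUser` call should state which form of the name the proxy-user configuration is expected to match.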
@@ -302,5 +306,5 @@ public class HiveAuthFactory {
"Failed to validate proxy privilege of " + realUser + " for " + proxyUser, e);
}
}
-
+
}