You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kyuubi.apache.org by ch...@apache.org on 2022/08/24 05:33:29 UTC
[incubator-kyuubi] 01/02: Revert "[KYUUBI #3020][FOLLOWUP] Refactor the code style"
This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch branch-1.6
in repository https://gitbox.apache.org/repos/asf/incubator-kyuubi.git
commit 2191dea0ca30166d865105707e14a45b8ed71f65
Author: Cheng Pan <ch...@apache.org>
AuthorDate: Wed Aug 24 13:27:58 2022 +0800
Revert "[KYUUBI #3020][FOLLOWUP] Refactor the code style"
This reverts commit a8e201a8d6ff11b6df955ae8e562606cd2e733fd.
---
.../org/apache/kyuubi/config/KyuubiConf.scala | 2 +-
.../LdapAuthenticationProviderImpl.scala | 42 ++++++++++++----------
2 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 7a1538ade..f994ad232 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2018,7 +2018,7 @@ object KyuubiConf {
DeprecatedConfig(
AUTHENTICATION_LDAP_GUIDKEY.key,
"1.6.0",
- s"using ${AUTHENTICATION_LDAP_BINDDN.key} instead"))
+ s"using ${AUTHENTICATION_LDAP_BINDDN} instead"))
Map(configs.map { cfg => cfg.key -> cfg }: _*)
}
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
index e2932f844..9bd80cdd7 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
@@ -60,8 +60,27 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
val domain = conf.get(AUTHENTICATION_LDAP_DOMAIN)
val mail = if (!hasDomain(user) && domain.nonEmpty) (user + "@" + domain.get) else user
+ var bindDn = conf.get(AUTHENTICATION_LDAP_BINDDN).getOrElse("")
+ val guidKey = conf.get(AUTHENTICATION_LDAP_GUIDKEY)
- conf.get(AUTHENTICATION_LDAP_BINDDN).map { bindDn =>
+ if ("".equals(bindDn)) {
+ bindDn = conf.get(AUTHENTICATION_LDAP_BASEDN) match {
+ case Some(dn) => guidKey + "=" + mail + "," + dn
+ case _ => mail
+ }
+ env.put(Context.SECURITY_PRINCIPAL, bindDn)
+ env.put(Context.SECURITY_CREDENTIALS, password)
+ try {
+ val ctx = new InitialDirContext(env)
+ ctx.close()
+ } catch {
+ case e: NamingException =>
+ throw new AuthenticationException(
+ s"Error validating LDAP user: $user," +
+ s" bindDn: $bindDn.",
+ e)
+ }
+ } else {
val baseDn = conf.get(AUTHENTICATION_LDAP_BASEDN).getOrElse("")
val bindPw = conf.get(AUTHENTICATION_LDAP_PASSWORD).getOrElse("")
val attrs = conf.get(AUTHENTICATION_LDAP_ATTRIBUTES).toArray
@@ -73,7 +92,8 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
val sc = new SearchControls
sc.setReturningAttributes(attrs)
sc.setSearchScope(SearchControls.SUBTREE_SCOPE)
- nameEnuResults = ctx.search(baseDn, s"(mail=$mail)", sc)
+ val searchFilter = String.format("(%s=%s)", "mail", mail)
+ nameEnuResults = ctx.search(baseDn, searchFilter, sc)
} catch {
case e: NamingException =>
throw new AuthenticationException(
@@ -110,24 +130,8 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
s"LDAP InitialLdapContext search results are empty, Error validating LDAP user: $user," +
s" bindDn: $bindDn.")
}
- }.getOrElse {
- val guidKey = conf.get(AUTHENTICATION_LDAP_GUIDKEY)
- val bindDn = conf.get(AUTHENTICATION_LDAP_BASEDN) match {
- case Some(dn) => guidKey + "=" + mail + "," + dn
- case _ => mail
- }
- env.put(Context.SECURITY_PRINCIPAL, bindDn)
- env.put(Context.SECURITY_CREDENTIALS, password)
- try {
- val ctx = new InitialDirContext(env)
- ctx.close()
- } catch {
- case e: NamingException =>
- throw new AuthenticationException(
- s"Error validating LDAP user: $user, bindDn: $bindDn.",
- e)
- }
}
+
}
private def hasDomain(userName: String): Boolean = ServiceUtils.indexOfDomainMatch(userName) > 0