Posted to commits@hive.apache.org by vg...@apache.org on 2014/09/25 22:46:40 UTC
svn commit: r1627665 - in
/hive/trunk/service/src/java/org/apache/hive/service:
auth/HttpAuthUtils.java cli/thrift/ThriftHttpServlet.java
Author: vgumashta
Date: Thu Sep 25 20:46:39 2014
New Revision: 1627665
URL: http://svn.apache.org/r1627665
Log:
HIVE-8246: HiveServer2 in http-kerberos mode is restrictive on client usernames (Vaibhav Gumashta reviewed by Thejas Nair)
Modified:
hive/trunk/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java?rev=1627665&r1=1627664&r2=1627665&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java Thu Sep 25 20:46:39 2014
@@ -62,7 +62,7 @@ public final class HttpAuthUtils {
String serverPrincipal = getServerPrincipal(principal, host);
// Uses the Ticket Granting Ticket in the UserGroupInformation
return clientUGI.doAs(
- new HttpKerberosClientAction(serverPrincipal, clientUGI.getShortUserName(), serverHttpUrl));
+ new HttpKerberosClientAction(serverPrincipal, clientUGI.getUserName(), serverHttpUrl));
}
/**
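Review bot: The call does not record why the full principal is now passed. `clientUGI.getUserName()` hands `HttpKerberosClientAction` the realm-qualified name where the short name was passed before, and how that action uses the value is outside this hunk. A one-line comment above the `doAs` call would help, for example `// Pass the full principal; the server derives the short user name from the GSS context`. That wording assumes the ThriftHttpServlet change in this commit is the counterpart that strips realm and host, which should be confirmed. The enclosing method starts before the hunk.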
Modified: hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java?rev=1627665&r1=1627664&r2=1627665&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java Thu Sep 25 20:46:39 2014
@@ -32,6 +32,7 @@ import org.apache.commons.codec.binary.S
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hive.service.auth.AuthenticationProviderFactory;
import org.apache.hive.service.auth.AuthenticationProviderFactory.AuthMethods;
import org.apache.hive.service.auth.HiveAuthFactory;
@@ -219,7 +220,7 @@ public class ThriftHttpServlet extends T
"provided by the client.");
}
else {
- return getPrincipalWithoutRealm(gssContext.getSrcName().toString());
+ return getPrincipalWithoutRealmAndHost(gssContext.getSrcName().toString());
}
}
catch (GSSException e) {
@@ -237,8 +238,19 @@ public class ThriftHttpServlet extends T
}
private String getPrincipalWithoutRealm(String fullPrincipal) {
- String names[] = fullPrincipal.split("[@]");
- return names[0];
+ KerberosName fullKerberosName = new KerberosName(fullPrincipal);
+ String serviceName = fullKerberosName.getServiceName();
+ String hostName = fullKerberosName.getHostName();
+ String principalWithoutRealm = serviceName;
+ if (hostName != null) {
+ principalWithoutRealm = serviceName + "/" + hostName;
+ }
+ return principalWithoutRealm;
+ }
+
+ private String getPrincipalWithoutRealmAndHost(String fullPrincipal) {
+ KerberosName fullKerberosName = new KerberosName(fullPrincipal);
+ return fullKerberosName.getServiceName();
}
}
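Review bot: `getPrincipalWithoutRealmAndHost` takes the authenticated user from `KerberosName.getServiceName()`, which returns only the first component of the principal and drops the instance and realm. As a result `alice@REALM_A`, `alice@REALM_B` and `alice/admin@REALM_A` all resolve to the user `alice`. Where cross-realm trust or multi-component user principals are in use, that widens who is accepted as a given user. The usual Hadoop mapping is `KerberosName.getShortName()`, which applies the configured `hadoop.security.auth_to_local` rules and fails for principals no rule matches, so consider `return fullKerberosName.getShortName();` with its `IOException` handled at the call in the `@@ -219,7 +220,7 @@` hunk. The `KerberosName` constructor can also throw `IllegalArgumentException` on a malformed name, and the only handler visible at that call site is `catch (GSSException e)`.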