Posted to commits@hive.apache.org by vg...@apache.org on 2014/09/28 10:49:47 UTC
svn commit: r1628053 - in
/hive/branches/branch-0.14/service/src/java/org/apache/hive/service:
auth/HttpAuthUtils.java cli/thrift/ThriftHttpServlet.java
Author: vgumashta
Date: Sun Sep 28 08:49:47 2014
New Revision: 1628053
URL: http://svn.apache.org/r1628053
Log:
HIVE-8246: HiveServer2 in http-kerberos mode is restrictive on client usernames (Vaibhav Gumashta reviewed by Thejas Nair)
Modified:
hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
hive/branches/branch-0.14/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
Modified: hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java?rev=1628053&r1=1628052&r2=1628053&view=diff
==============================================================================
--- hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java (original)
+++ hive/branches/branch-0.14/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java Sun Sep 28 08:49:47 2014
@@ -62,7 +62,7 @@ public final class HttpAuthUtils {
String serverPrincipal = getServerPrincipal(principal, host);
// Uses the Ticket Granting Ticket in the UserGroupInformation
return clientUGI.doAs(
- new HttpKerberosClientAction(serverPrincipal, clientUGI.getShortUserName(), serverHttpUrl));
+ new HttpKerberosClientAction(serverPrincipal, clientUGI.getUserName(), serverHttpUrl));
}
/**
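Review bot: Nothing at the call site records why `getUserName()` replaced `getShortUserName()`; the only comment above `doAs` still talks about the TGT. The argument now carries the realm-qualified principal, so a later cleanup could easily switch it back to the short name. I would add a comment above the `new HttpKerberosClientAction(...)` line such as `// Full principal (user[/instance]@REALM), not the short name: see HIVE-8246`. How `HttpKerberosClientAction` consumes the name is not visible in this hunk, so check the wording against it. The enclosing method starts before the hunk.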
Modified: hive/branches/branch-0.14/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java?rev=1628053&r1=1628052&r2=1628053&view=diff
==============================================================================
--- hive/branches/branch-0.14/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java (original)
+++ hive/branches/branch-0.14/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java Sun Sep 28 08:49:47 2014
@@ -32,6 +32,7 @@ import org.apache.commons.codec.binary.S
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hive.service.auth.AuthenticationProviderFactory;
import org.apache.hive.service.auth.AuthenticationProviderFactory.AuthMethods;
import org.apache.hive.service.auth.HiveAuthFactory;
@@ -219,7 +220,7 @@ public class ThriftHttpServlet extends T
"provided by the client.");
}
else {
- return getPrincipalWithoutRealm(gssContext.getSrcName().toString());
+ return getPrincipalWithoutRealmAndHost(gssContext.getSrcName().toString());
}
}
catch (GSSException e) {
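Review bot: The identity returned from this `else` branch is now only the first component of the authenticated principal, so `alice@REALM.A`, `alice/admin@REALM.A` and `alice@REALM.B` (constructed examples) all become `alice`. `getServiceName()` drops the instance and realm without consulting the cluster's `hadoop.security.auth_to_local` rules, which matters wherever cross-realm trust or instance-qualified principals are in use. Consider having `getPrincipalWithoutRealmAndHost` return `new KerberosName(fullPrincipal).getShortName()`, turning the `IOException` it throws into an authentication failure, or else document that the realm is deliberately ignored. The enclosing method starts and ends outside this hunk.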
@@ -237,8 +238,19 @@ public class ThriftHttpServlet extends T
}
private String getPrincipalWithoutRealm(String fullPrincipal) {
- String names[] = fullPrincipal.split("[@]");
- return names[0];
+ KerberosName fullKerberosName = new KerberosName(fullPrincipal);
+ String serviceName = fullKerberosName.getServiceName();
+ String hostName = fullKerberosName.getHostName();
+ String principalWithoutRealm = serviceName;
+ if (hostName != null) {
+ principalWithoutRealm = serviceName + "/" + hostName;
+ }
+ return principalWithoutRealm;
+ }
+
+ private String getPrincipalWithoutRealmAndHost(String fullPrincipal) {
+ KerberosName fullKerberosName = new KerberosName(fullPrincipal);
+ return fullKerberosName.getServiceName();
}
}
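Review bot: Both helpers call `new KerberosName(fullPrincipal)`, which throws an unchecked `IllegalArgumentException` when the string does not parse as a Kerberos name, while the call site shown in the previous hunk catches only `GSSException`. The old `split("[@]")` version did no parsing, so this failure mode is new; whether anything further up the servlet handles it is not visible here. I would catch `IllegalArgumentException` where the helper is called and route it to the same authentication-error path. Each helper would also benefit from a one-line Javadoc stating which components it keeps (`service[/host]` versus `service` only), since the two names are easy to confuse.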