Posted to notifications@kyuubi.apache.org by GitBox <gi...@apache.org> on 2022/10/26 05:53:58 UTC

[GitHub] [incubator-kyuubi] pan3793 commented on a diff in pull request #3706: [KYUUBI #3705] Add docs for JDBC authentication usage with in-memory database

pan3793 commented on code in PR #3706:
URL: https://github.com/apache/incubator-kyuubi/pull/3706#discussion_r1005250001


##########
docs/security/jdbc.md:
##########
@@ -46,4 +46,19 @@ kyuubi.authentication.jdbc.url = jdbc:mysql://127.0.0.1:3306/auth_db
 kyuubi.authentication.jdbc.user = bowenliang123
 kyuubi.authentication.jdbc.password = bowenliang123@kyuubi
 kyuubi.authentication.jdbc.query = SELECT 1 FROM auth_table WHERE user=${user} AND passwd=MD5(CONCAT(salt,${password}))
-```
\ No newline at end of file
+```
+
+## Authentication with In-memory Database
+
+Used with auto created in-memory database, JDBC authentication could be applied for token validation without start up a dedicated database service or custom plugin. 
+
+Consider authenticating a pair of a username and a token which contacted with an `expire_time` in 'yyyyMMddHHmm' format and a MD5 signature generated with sequence of `expire_time`, `username` and a secret key. With the following example, an H2 in-memory database will be auto crated with Kyuubi Server and used for authentication with its system function `HASH` and checking token expire time with `NOW()`.
+
+```properties
+kyuubi.authentication=JDBC
+kyuubi.authentication.jdbc.driver.class = org.h2.Driver
+kyuubi.authentication.jdbc.url = jdbc:h2:mem:
+kyuubi.authentication.jdbc.user = no_user
+kyuubi.authentication.jdbc.query = SELECT 1 FROM (SELECT ${user} as username, 'secret_key' as secret_key, SUBSTRING(${password}, 0, 12) as expire_time, SUBSTRING(${password}, 13) as signed
+) WHERE signed = RAWTOHEX(HASH('MD5', CONCAT(secret_key, username, expire_time))) AND PARSEDATETIME(expire_time,'yyyyMMddHHmm') > NOW();
+```
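
Review bot: the added `kyuubi.authentication.jdbc.query` validates the token with a bare `HASH('MD5', CONCAT(secret_key, username, expire_time))`, which is a secret-prefix hash rather than a keyed MAC, and it uses MD5. Readers will copy this example, so the docs should either say it is for illustration only or use a stronger algorithm accepted by H2's `HASH` (for example 'SHA-256'). They should also note that the secret key sits in plain text inside the query in the conf file, so that file needs restricted read permissions. The prose says the signature is generated from the sequence `expire_time`, `username` and a secret key, while the query concatenates `secret_key, username, expire_time`; state the order the query actually uses so that token issuers produce matching signatures. Typos in the added paragraphs: "auto crated" should be "auto created", "contacted with" should read "concatenated with", and "without start up" should be "without starting up".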

Review Comment:
   Kyuubi conf file supports using a backslash to set multi-line values


