You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by za...@apache.org on 2022/09/23 11:55:55 UTC

[hive] branch master updated: HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis)

This is an automated email from the ASF dual-hosted git repository.

zabetak pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 7f29593b086 HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis)
7f29593b086 is described below

commit 7f29593b0869317fcc0c1d3cd2add95799c1c2f3
Author: wzg547228197 <wz...@gmail.com>
AuthorDate: Wed Sep 21 00:41:10 2022 +0800

    HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis)
    
    Closes #3609
---
 .../org/apache/hive/hcatalog/templeton/Main.java   | 25 ++++++++++++++--------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
index d2776ffbfd1..66fa5eb4ae8 100644
--- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
+++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
@@ -32,6 +32,8 @@ import java.util.HashMap;
 import java.util.Objects;
 import java.util.Set;
 
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.commons.lang3.StringUtils;
@@ -306,18 +308,23 @@ public class Main {
   public FilterHolder makeAuthFilter() throws IOException {
     FilterHolder authFilter = new FilterHolder(AuthFilter.class);
     UserNameHandler.allowAnonymous(authFilter);
+  
+    String confPrefix = "dfs.web.authentication";
+    String prefix = confPrefix + ".";
+    authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
+    authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
+    
     if (UserGroupInformation.isSecurityEnabled()) {
-      //http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
-      authFilter.setInitParameter("dfs.web.authentication.signature.secret",
-        conf.kerberosSecret());
-      //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
+      authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
+      
       String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0");
-      authFilter.setInitParameter("dfs.web.authentication.kerberos.principal",
-        serverPrincipal);
-      //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
-      authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab",
-        conf.kerberosKeytab());
+      authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);
+      authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab());
+      authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret());
+    } else {
+      authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
     }
+    
     return authFilter;
   }