You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by za...@apache.org on 2022/09/23 11:55:55 UTC
[hive] branch master updated: HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis)
This is an automated email from the ASF dual-hosted git repository.
zabetak pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 7f29593b086 HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis)
7f29593b086 is described below
commit 7f29593b0869317fcc0c1d3cd2add95799c1c2f3
Author: wzg547228197 <wz...@gmail.com>
AuthorDate: Wed Sep 21 00:41:10 2022 +0800
HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis)
Closes #3609
---
.../org/apache/hive/hcatalog/templeton/Main.java | 25 ++++++++++++++--------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
index d2776ffbfd1..66fa5eb4ae8 100644
--- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
+++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
@@ -32,6 +32,8 @@ import java.util.HashMap;
import java.util.Objects;
import java.util.Set;
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.commons.lang3.StringUtils;
@@ -306,18 +308,23 @@ public class Main {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ String confPrefix = "dfs.web.authentication";
+ String prefix = confPrefix + ".";
+ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
+ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
+
if (UserGroupInformation.isSecurityEnabled()) {
- //http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
- authFilter.setInitParameter("dfs.web.authentication.signature.secret",
- conf.kerberosSecret());
- //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
+
String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0");
- authFilter.setInitParameter("dfs.web.authentication.kerberos.principal",
- serverPrincipal);
- //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
- authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab",
- conf.kerberosKeytab());
+ authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);
+ authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab());
+ authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret());
+ } else {
+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
}
+
return authFilter;
}