You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by vg...@apache.org on 2015/09/22 02:03:38 UTC

hive git commit: HIVE-11875: JDBC Driver does not honor delegation token mechanism when readings params from ZooKeeper (Vaibhav Gumashta reviewed by Jason Dere)

Repository: hive
Updated Branches:
  refs/heads/master 2a65989a4 -> 514ab795f


HIVE-11875: JDBC Driver does not honor delegation token mechanism when readings params from ZooKeeper (Vaibhav Gumashta reviewed by Jason Dere)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/514ab795
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/514ab795
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/514ab795

Branch: refs/heads/master
Commit: 514ab795ffd03a72803f878eac57e3cf82b80045
Parents: 2a65989
Author: Vaibhav Gumashta <vg...@apache.org>
Authored: Mon Sep 21 17:00:24 2015 -0700
Committer: Vaibhav Gumashta <vg...@apache.org>
Committed: Mon Sep 21 17:00:24 2015 -0700

----------------------------------------------------------------------
 .../hive/jdbc/ZooKeeperHiveClientHelper.java    | 32 ++++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/514ab795/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
index eeb3cf9..4712d2e 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
@@ -137,20 +137,32 @@ class ZooKeeperHiveClientHelper {
             && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.USE_SSL))) {
           connParams.getSessionVars().put(JdbcConnectionParams.USE_SSL, matcher.group(2));
         }
-        // Set authentication configs
-        // Note that in JDBC driver, we have 3 auth modes: NOSASL, Kerberos and password based
-        // The use of "JdbcConnectionParams.AUTH_TYPE=JdbcConnectionParams.AUTH_SIMPLE" picks NOSASL
-        // The presence of "JdbcConnectionParams.AUTH_PRINCIPAL=<principal>" picks Kerberos
-        // Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
-        if ((matcher.group(1).equals("hive.server2.authentication"))
-            && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE))) {
-          if (matcher.group(2).equalsIgnoreCase("NOSASL")) {
+        /**
+         * Note: this is pretty messy, but sticking to the current implementation.
+         * Set authentication configs. Note that in JDBC driver, we have 3 auth modes: NOSASL,
+         * Kerberos (including delegation token mechanism) and password based.
+         * The use of JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_SIMPLE picks NOSASL.
+         * The presence of JdbcConnectionParams.AUTH_PRINCIPAL==<principal> picks Kerberos.
+         * If principal is absent, the presence of
+         * JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_TOKEN uses delegation token.
+         * Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
+         */
+        if (matcher.group(1).equals("hive.server2.authentication")) {
+          // NOSASL
+          if (matcher.group(2).equalsIgnoreCase("NOSASL")
+              && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE) && connParams
+                  .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+                  .equalsIgnoreCase(JdbcConnectionParams.AUTH_SIMPLE))) {
             connParams.getSessionVars().put(JdbcConnectionParams.AUTH_TYPE,
                 JdbcConnectionParams.AUTH_SIMPLE);
           }
         }
-        // Set server's kerberos principal
-        if ((matcher.group(1).equals("hive.server2.authentication.kerberos.principal"))
+        // KERBEROS
+        // If delegation token is passed from the client side, do not set the principal
+        if (matcher.group(2).equalsIgnoreCase("hive.server2.authentication.kerberos.principal")
+            && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE) && connParams
+                .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+                .equalsIgnoreCase(JdbcConnectionParams.AUTH_TOKEN))
             && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_PRINCIPAL))) {
           connParams.getSessionVars().put(JdbcConnectionParams.AUTH_PRINCIPAL, matcher.group(2));
         }