You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@arrow.apache.org by "amir-bashir (via GitHub)" <gi...@apache.org> on 2024/03/18 10:34:07 UTC
[I] Unable to pass PASSWORD to FLIGHT SQL SERVER using flight-sql-jdbc jar file [arrow]
amir-bashir opened a new issue, #40628:
URL: https://github.com/apache/arrow/issues/40628
### Describe the usage question you have. Please include as many useful details as possible.
I have implemented flight sql server with code snippet below.
```
try (final BufferAllocator allocator = example.rootAllocator; final FlightServer server
= FlightServer.builder(allocator, listenLocation, example)
.useTls(certificate, priveteKey)
.headerAuthenticator(example.callHeaderInfo)
.build()) {
server.start();
server.awaitTermination();
}
```
Here I am using headerAuthenticator to read username/password information from header.
When I connect to my flight sql server using below python code, authentication method receives both username and password as expected.
```
with flight_sql.connect(uri="grpc+tls://192.168.140.77:32222",
db_kwargs={
"adbc.flight.sql.rpc.call_header.username": "datalake",
"adbc.flight.sql.rpc.call_header.password": "DataLake@2023",
"adbc.flight.sql.client_option.tls_skip_verify": "true"
}
) as conn:
with conn.cursor() as cur:
cur.execute("SELECT * FROM postgresql.public.patients limit 100")
```
When I use the following code to connect to same server from jdbc client, Incoming Headers do not contain password.
Can you please guide how I can fix this issue.
```
final Properties properties = new Properties();
properties.put("USERNAME", "admin");
properties.put("PASSWORD", "admin");
properties.put("useEncryption", 1);
properties.put("disableCertificateVerification", true);
try {
Connection connection = DriverManager.getConnection("jdbc:arrow-flight-sql://localhost:32222/", properties);
} catch (SQLException ex) {
}
```
Below is my authenticate method for reference.
```
@Override
public CallHeaderAuthenticator.AuthResult authenticate(CallHeaders incomingHeaders) {
if (incomingHeaders.containsKey("authorization")) {
String authEncoded = "";
if (incomingHeaders.toString().toLowerCase().contains("basic")) {
authEncoded = AuthUtilities.getValueFromAuthHeader(
incomingHeaders, Auth2Constants.BASIC_PREFIX);
String authDecoded = new String(Base64.getDecoder().decode(authEncoded), StandardCharsets.UTF_8);
int colonPos = authDecoded.indexOf(':');
if (colonPos != -1) {
username = authDecoded.substring(0, colonPos);
password = authDecoded.substring(colonPos + 1);
LOGGER.info("authenticating user '" + username +"' using basic authentication");
}
} else if (incomingHeaders.toString().toLowerCase().contains("bearer")) {
JWTToken = AuthUtilities.getValueFromAuthHeader(
incomingHeaders, Auth2Constants.BEARER_PREFIX);
LOGGER.info("authenticating using bearer token");
}
} else if(incomingHeaders.containsKey("token")){
JWTToken = incomingHeaders.get("token");
LOGGER.info("authenticating using jwt token in custom header call");
} else if(incomingHeaders.containsKey("username")) {
username = incomingHeaders.get("username");
password = incomingHeaders.get("password");
LOGGER.info("authenticating user '" + username +"' using username/password in custom header call");
}
else if(!incomingHeaders.containsKey("username") && !incomingHeaders.containsKey("authorization")
&& !incomingHeaders.get("user-agent").toLowerCase().contains("grpc-java-netty") && JWTToken == null) {
username = null;
password = null;
JWTToken = null;
LOGGER.info("both username and token are null. please provide either username or token");
throw CallStatus.UNAUTHENTICATED.toRuntimeException();
}
defaultCatalog = incomingHeaders.get("catalog");
return () -> {
if (JWTToken != null) {
return JWTToken;
} else {
return username + "&password" + password;
}
};
}
```
### Component(s)
Java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@arrow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] [Java] Unable to pass PASSWORD to FLIGHT SQL SERVER using flight-sql-jdbc jar file [arrow]
Posted by "amir-bashir (via GitHub)" <gi...@apache.org>.
amir-bashir closed issue #40628: [Java] Unable to pass PASSWORD to FLIGHT SQL SERVER using flight-sql-jdbc jar file
URL: https://github.com/apache/arrow/issues/40628
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] [Java] Unable to pass PASSWORD to FLIGHT SQL SERVER using flight-sql-jdbc jar file [arrow]
Posted by "jduo (via GitHub)" <gi...@apache.org>.
jduo commented on issue #40628:
URL: https://github.com/apache/arrow/issues/40628#issuecomment-2004115876
@amir-bashir , the JDBC driver interprets the "user" and "password" properties as using HTTP Basic Authorization rather than sending them as custom headers. Same with using DriverManager.getConnection(<uri>, <user>, <password>).
It looks as though you're using "username" and getting that as a custom header. However it appears that the logic described above prevents the password from being sent as a custom header.
The code could be changed such that if "user" is missing and "password" is present, the driver sends password as a custom header. However is this really necessary to support your use case? It appears your handler could just support HTTP Basic coming from the driver if you were to use the "user" property instead of "username".
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] [Java] Unable to pass PASSWORD to FLIGHT SQL SERVER using flight-sql-jdbc jar file [arrow]
Posted by "amir-bashir (via GitHub)" <gi...@apache.org>.
amir-bashir commented on issue #40628:
URL: https://github.com/apache/arrow/issues/40628#issuecomment-2005993259
@jduo , Thank you for your suggestion. I was able to fix the issue by passing "USER" instead of "USERNAME" from my client code.
Closing the issue
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org