You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2016/03/04 19:56:37 UTC
hive git commit: HIVE-13056 : delegation tokens do not work with HS2
when used with http transport and kerberos (Sushanth Sowmyan,
reviewed by Thejas Nair)
Repository: hive
Updated Branches:
refs/heads/branch-1 b6c1026d7 -> 62b2a9a04
HIVE-13056 : delegation tokens do not work with HS2 when used with http transport and kerberos (Sushanth Sowmyan, reviewed by Thejas Nair)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/62b2a9a0
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/62b2a9a0
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/62b2a9a0
Branch: refs/heads/branch-1
Commit: 62b2a9a04214fc66d980f32ed2725d36512cdae4
Parents: b6c1026
Author: Sushanth Sowmyan <kh...@gmail.com>
Authored: Wed Feb 17 09:43:58 2016 -0800
Committer: Thejas Nair <th...@hortonworks.com>
Committed: Fri Mar 4 10:56:27 2016 -0800
----------------------------------------------------------------------
.../hive/service/auth/HiveAuthFactory.java | 44 ++++++++++----------
1 file changed, 21 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/62b2a9a0/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
index 053ddc8..0c7455d 100644
--- a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
+++ b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
@@ -107,34 +107,32 @@ public class HiveAuthFactory {
hadoopAuth = conf.get(HADOOP_SECURITY_AUTHENTICATION, "simple");
// In http mode we use NOSASL as the default auth type
- if ("http".equalsIgnoreCase(transportMode)) {
- if (authTypeStr == null) {
+ if (authTypeStr == null) {
+ if ("http".equalsIgnoreCase(transportMode)) {
authTypeStr = AuthTypes.NOSASL.getAuthName();
- }
- } else {
- if (authTypeStr == null) {
+ } else {
authTypeStr = AuthTypes.NONE.getAuthName();
}
- if (hadoopAuth.equalsIgnoreCase("kerberos") && !authTypeStr.equalsIgnoreCase(
- AuthTypes.NOSASL.getAuthName())) {
- saslServer = ShimLoader.getHadoopThriftAuthBridge()
- .createServer(conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB),
- conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL));
- // start delegation token manager
- try {
- // rawStore is only necessary for DBTokenStore
- HMSHandler baseHandler = null;
- String tokenStoreClass = conf.getVar(HiveConf.ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS);
-
- if (tokenStoreClass.equals(DBTokenStore.class.getName())) {
- baseHandler = new HiveMetaStore.HMSHandler("new db based metaserver", conf, true);
- }
+ }
+ if (hadoopAuth.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())
+ && !authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
+ saslServer = ShimLoader.getHadoopThriftAuthBridge().createServer(
+ conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB),
+ conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL));
+ // start delegation token manager
+ try {
+ // rawStore is only necessary for DBTokenStore
+ HMSHandler baseHandler = null;
+ String tokenStoreClass = conf.getVar(HiveConf.ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS);
- saslServer.startDelegationTokenSecretManager(conf, baseHandler, ServerMode.HIVESERVER2);
- }
- catch (MetaException|IOException e) {
- throw new TTransportException("Failed to start token manager", e);
+ if (tokenStoreClass.equals(DBTokenStore.class.getName())) {
+ baseHandler = new HiveMetaStore.HMSHandler("new db based metaserver", conf, true);
}
+
+ saslServer.startDelegationTokenSecretManager(conf, baseHandler, ServerMode.HIVESERVER2);
+ }
+ catch (MetaException|IOException e) {
+ throw new TTransportException("Failed to start token manager", e);
}
}
}