You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@phoenix.apache.org by ma...@apache.org on 2017/03/16 21:11:45 UTC
[23/50] [abbrv] phoenix git commit: PHOENIX-3686 Allow
client-authentication to be disabled for PQS
PHOENIX-3686 Allow client-authentication to be disabled for PQS
Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo
Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/8e1d10b3
Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/8e1d10b3
Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/8e1d10b3
Branch: refs/heads/calcite
Commit: 8e1d10b3f1e91d003f7dd554f8c261352cbd3b43
Parents: 877cac3
Author: Josh Elser <el...@apache.org>
Authored: Mon Feb 20 17:22:15 2017 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Tue Feb 28 15:10:05 2017 -0500
----------------------------------------------------------------------
.../org/apache/phoenix/query/QueryServices.java | 3 ++-
.../phoenix/query/QueryServicesOptions.java | 2 ++
.../queryserver/client/SqllineWrapper.java | 18 ++++++++++++++----
.../phoenix/queryserver/server/QueryServer.java | 5 ++++-
4 files changed, 22 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
----------------------------------------------------------------------
diff --git a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
index 8f0b06e..1366add 100644
--- a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
+++ b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
@@ -216,7 +216,8 @@ public interface QueryServices extends SQLCloseable {
public static final String QUERY_SERVER_UGI_CACHE_INITIAL_SIZE = "phoenix.queryserver.ugi.cache.initial.size";
public static final String QUERY_SERVER_UGI_CACHE_CONCURRENCY = "phoenix.queryserver.ugi.cache.concurrency";
public static final String QUERY_SERVER_KERBEROS_ALLOWED_REALMS = "phoenix.queryserver.kerberos.allowed.realms";
-
+ public static final String QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB = "phoenix.queryserver.spnego.auth.disabled";
+
public static final String RENEW_LEASE_ENABLED = "phoenix.scanner.lease.renew.enabled";
public static final String RUN_RENEW_LEASE_FREQUENCY_INTERVAL_MILLISECONDS = "phoenix.scanner.lease.renew.interval";
public static final String RENEW_LEASE_THRESHOLD_MILLISECONDS = "phoenix.scanner.lease.threshold";
http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
----------------------------------------------------------------------
diff --git a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
index 15ea956..f885d5c 100644
--- a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
+++ b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
@@ -253,6 +253,8 @@ public class QueryServicesOptions {
public static final long DEFAULT_QUERY_SERVER_UGI_CACHE_MAX_SIZE = 1000L;
public static final int DEFAULT_QUERY_SERVER_UGI_CACHE_INITIAL_SIZE = 100;
public static final int DEFAULT_QUERY_SERVER_UGI_CACHE_CONCURRENCY = 10;
+ public static final boolean DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED = false;
+
public static final boolean DEFAULT_RENEW_LEASE_ENABLED = true;
public static final int DEFAULT_RUN_RENEW_LEASE_FREQUENCY_INTERVAL_MILLISECONDS =
DEFAULT_HBASE_CLIENT_SCANNER_TIMEOUT_PERIOD / 2;
http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java
----------------------------------------------------------------------
diff --git a/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java b/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java
index 44cc0d3..7a22334 100644
--- a/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java
+++ b/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java
@@ -29,11 +29,11 @@ import sqlline.SqlLine;
*/
public class SqllineWrapper {
public static final String HBASE_AUTHENTICATION_ATTR = "hbase.security.authentication";
+ public static final String QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB = "phoenix.queryserver.spnego.auth.disabled";
+ public static final boolean DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED = false;
- static UserGroupInformation loginIfNecessary() {
+ static UserGroupInformation loginIfNecessary(Configuration conf) {
// Try to avoid HBase dependency too. Sadly, we have to bring in all of hadoop-common for this..
- Configuration conf = new Configuration(false);
- conf.addResource("hbase-site.xml");
if ("kerberos".equalsIgnoreCase(conf.get(HBASE_AUTHENTICATION_ATTR))) {
// sun.security.krb5.principal is the property for setting the principal name, if that
// isn't set, fall back to user.name and hope for the best.
@@ -68,7 +68,17 @@ public class SqllineWrapper {
}
public static void main(String[] args) throws Exception {
- UserGroupInformation ugi = loginIfNecessary();
+ final Configuration conf = new Configuration(false);
+ conf.addResource("hbase-site.xml");
+
+ // Check if the server config says SPNEGO auth is actually disabled.
+ final boolean disableSpnego = conf.getBoolean(QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB,
+ DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED);
+ if (disableSpnego) {
+ SqlLine.main(args);
+ }
+
+ UserGroupInformation ugi = loginIfNecessary(conf);
if (null != ugi) {
final String[] updatedArgs = updateArgsForKerberos(args);
http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
----------------------------------------------------------------------
diff --git a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 8c44938..60d3f86 100644
--- a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -173,9 +173,12 @@ public final class QueryServer extends Configured implements Tool, Runnable {
try {
final boolean isKerberos = "kerberos".equalsIgnoreCase(getConf().get(
QueryServices.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB));
+ final boolean disableSpnego = getConf().getBoolean(QueryServices.QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB,
+ QueryServicesOptions.DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED);
+
// handle secure cluster credentials
- if (isKerberos) {
+ if (isKerberos && !disableSpnego) {
String hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
getConf().get(QueryServices.QUERY_SERVER_DNS_INTERFACE_ATTRIB, "default"),
getConf().get(QueryServices.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, "default")));