risdenk commented on a change in pull request #92: [WIP][CALCITE-2972] Upgrade jetty to 9.4.15.v20190215 URL: https://github.com/apache/calcite-avatica/pull/92#discussion_r271474119
########## File path: server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java ########## @@ -337,17 +343,23 @@ protected ConstraintSecurityHandler configureSpnego(Server server, AvaticaServerConfiguration config) { final String realm = Objects.requireNonNull(config.getKerberosRealm()); final String principal = Objects.requireNonNull(config.getKerberosPrincipal()); - - // A customization of SpnegoLoginService to explicitly set the server's principal, otherwise - // we would have to require a custom file to set the server's principal. - PropertyBasedSpnegoLoginService spnegoLoginService = - new PropertyBasedSpnegoLoginService(realm, principal); + final String principalWithoutRealm = principal.split("@", 2)[0]; + final String[] principalParts = principalWithoutRealm.split("/", 2); + final String serviceName = principalParts[0]; + final String hostname = principalParts[1]; + final Path keytabPath = config.getKerberosKeytab(); + + ConfigurableSpnegoLoginService spnegoLoginService = + new ConfigurableSpnegoLoginService(realm, new TestAuthorizationService()); + spnegoLoginService.setServiceName(serviceName); + spnegoLoginService.setHostName(hostname); + spnegoLoginService.setKeyTabPath(keytabPath); Review comment: It looks like Avatica server currently supports logging in without a keytab. Jetty wants to now manage the Kerberos lifecycle and login. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services