Repository: hive Updated Branches: refs/heads/master a988c159c -> c5c298603
HIVE-18026: Hive webhcat principal configuration optimization (ZhangBing Lin via Rui) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/c5c29860 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/c5c29860 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/c5c29860 Branch: refs/heads/master Commit: c5c2986036dde21c1413e30b308705449fc594d7 Parents: a988c15 Author: ZhangBing Lin <lin.zhangb...@zte.com.cn> Authored: Thu Nov 23 11:38:15 2017 +0800 Committer: Rui Li <li...@apache.org> Committed: Thu Nov 23 11:38:15 2017 +0800 ---------------------------------------------------------------------- .../main/java/org/apache/hive/hcatalog/templeton/Main.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/c5c29860/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java ---------------------------------------------------------------------- diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java index 02b9db9..5e8e0b5 100644 --- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java +++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java @@ -39,6 +39,7 @@ import org.apache.hadoop.hive.shims.Utils; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authentication.client.PseudoAuthenticator; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.util.GenericOptionsParser; import org.eclipse.jetty.rewrite.handler.RedirectPatternRule; import org.eclipse.jetty.rewrite.handler.RewriteHandler; @@ -176,7 +177,8 @@ public class Main { //Authenticate using keytab if (UserGroupInformation.isSecurityEnabled()) { - UserGroupInformation.loginUserFromKeytab(conf.kerberosPrincipal(), + String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0"); + UserGroupInformation.loginUserFromKeytab(serverPrincipal, conf.kerberosKeytab()); } @@ -252,7 +254,7 @@ public class Main { // Configure the AuthFilter with the Kerberos params iff security // is enabled. - public FilterHolder makeAuthFilter() { + public FilterHolder makeAuthFilter() throws IOException { FilterHolder authFilter = new FilterHolder(AuthFilter.class); UserNameHandler.allowAnonymous(authFilter); if (UserGroupInformation.isSecurityEnabled()) { @@ -260,8 +262,9 @@ public class Main { authFilter.setInitParameter("dfs.web.authentication.signature.secret", conf.kerberosSecret()); //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml + String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0"); authFilter.setInitParameter("dfs.web.authentication.kerberos.principal", - conf.kerberosPrincipal()); + serverPrincipal); //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab", conf.kerberosKeytab());