PHOENIX-3126 Tie a driver instance to a specific user (Prabhjyot Singh) Prevent the case where a user's Kerberos credentials are unintentionally used by a different user.
Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/f792b6e9 Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/f792b6e9 Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/f792b6e9 Branch: refs/heads/4.8-HBase-1.1 Commit: f792b6e961e3d830f30110911517c59b3469798a Parents: a14b977 Author: Josh Elser <els...@apache.org> Authored: Tue Aug 2 16:56:34 2016 -0400 Committer: Josh Elser <els...@apache.org> Committed: Tue Aug 2 18:24:31 2016 -0400 ---------------------------------------------------------------------- .../apache/phoenix/jdbc/PhoenixEmbeddedDriver.java | 15 +++++++++++++++ 1 file changed, 15 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/phoenix/blob/f792b6e9/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java ---------------------------------------------------------------------- diff --git a/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java b/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java index d2dd94f..375388a 100644 --- a/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java +++ b/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java @@ -19,6 +19,7 @@ package org.apache.phoenix.jdbc; import static org.apache.phoenix.util.PhoenixRuntime.PHOENIX_TEST_DRIVER_URL_PARAM; +import java.io.IOException; import java.sql.Connection; import java.sql.Driver; import java.sql.DriverPropertyInfo; @@ -35,6 +36,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HConstants; +import org.apache.hadoop.hbase.security.User; import org.apache.phoenix.coprocessor.MetaDataProtocol; import org.apache.phoenix.exception.SQLExceptionCode; import org.apache.phoenix.exception.SQLExceptionInfo; @@ -340,6 +342,7 @@ public abstract class PhoenixEmbeddedDriver implements Driver, SQLCloseable { private final boolean isConnectionless; private final String principal; private final String keytab; + private final User user; public ConnectionInfo(String zookeeperQuorum, Integer port, String rootNode, String principal, String keytab) { this.zookeeperQuorum = zookeeperQuorum; @@ -348,6 +351,14 @@ public abstract class PhoenixEmbeddedDriver implements Driver, SQLCloseable { this.isConnectionless = PhoenixRuntime.CONNECTIONLESS.equals(zookeeperQuorum); this.principal = principal; this.keytab = keytab; + try { + this.user = User.getCurrent(); + } catch (IOException e) { + throw new RuntimeException("Couldn't get the current user!!"); + } + if (null == this.user) { + throw new RuntimeException("Acquired null user which should never happen"); + } } public ConnectionInfo(String zookeeperQuorum, Integer port, String rootNode) { @@ -406,6 +417,8 @@ public abstract class PhoenixEmbeddedDriver implements Driver, SQLCloseable { result = prime * result + ((rootNode == null) ? 0 : rootNode.hashCode()); result = prime * result + ((principal == null) ? 0 : principal.hashCode()); result = prime * result + ((keytab == null) ? 0 : keytab.hashCode()); + // `user` is guaranteed to be non-null + result = prime * result + user.hashCode(); return result; } @@ -415,6 +428,8 @@ public abstract class PhoenixEmbeddedDriver implements Driver, SQLCloseable { if (obj == null) return false; if (getClass() != obj.getClass()) return false; ConnectionInfo other = (ConnectionInfo) obj; + // `user` is guaranteed to be non-null + if (!other.user.equals(user)) return false; if (zookeeperQuorum == null) { if (other.zookeeperQuorum != null) return false; } else if (!zookeeperQuorum.equals(other.zookeeperQuorum)) return false;