Hi Chuan, Thanks for the files. It took me some time to review this since they weren't runnable, but after getting it configured, there's two things that need doing:
- In your AuthResult implementation, the returned token needs to start with "Bearer". Otherwise, the JDBC driver will not recognize it. - In your CallHeaderAuthenticator implementation, authenticate() must _always_ return a non-NULL result. So in the branch that validates that the token is valid, it should return an AuthResult (whose getPeerIdentity returns the authenticated user's identity), _not_ NULL. On Wed, Jul 24, 2024, at 11:41, Zhao, Chuan wrote: > Hi David, > > Here are the files: > https://gist.github.com/bigchuan79/a1efa7d981aa74a3d8f61beb2344f91a > > Thanks! > > -Chuan > > From: David Li <lidav...@apache.org> > Date: Tuesday, July 23, 2024 at 6:21 PM > To: dev@arrow.apache.org <dev@arrow.apache.org> > Subject: [EXTERNAL] Re: Question about arrow flight authentication > [You don't often get email from lidav...@apache.org. Learn why this is > important at https://aka.ms/LearnAboutSenderIdentification ] > > [CAUTION: External Email] > > > Hi Chuan, > > The attachment didn't make it through - could you post a Gist or something? > > Thanks, > David > > On Wed, Jul 24, 2024, at 08:06, Zhao, Chuan wrote: >> Hi, >> >> I am from Teradata and I am working on a POC related to Arrow Flight. >> Basically, I wanted to send metadata request from the client to Arrow Flight >> Server which fetches the result from Teradata Database (for example table >> types) and return it to the client. I want to enable username/password >> authentication. Please see attached code on server and client side. >> >> I found an issue when I run the code. Here is the output on server side: >> >> Flight SQL Server listening at grpc+tls://localhost:3333 >> >> awaiting termination ... >> >> Metadata(content-type=application/grpc,user-agent=grpc-java-netty/1.63.0,grpc-accept-encoding=gzip,authorization=Basic >> YXJyb3c6Y2VydA==) >> >> authenticating user 'arrow' using basic authentication >> >> Metadata(content-type=application/grpc,user-agent=grpc-java-netty/1.63.0,grpc-accept-encoding=gzip) >> >> inside method getFlightInfoTableTypes!! >> >> Metadata(content-type=application/grpc,user-agent=grpc-java-netty/1.63.0,grpc-accept-encoding=gzip,authorization=Basic >> YXJyb3c6Y2VydA==) >> >> authenticating user 'arrow' using basic authentication >> >> Metadata(content-type=application/grpc,user-agent=grpc-java-netty/1.63.0,grpc-accept-encoding=gzip) >> >> inside method getStreamTableTypes!! >> >> I printed out incomingHeaders.toString() in authenticate method in my >> ArrowFlightAuthValidate.java. You can see before going into >> getFlightInfoTableTypes method, it calls authenticate() two times. The first >> time comes with authorization info in the header, but not the second time. >> Same for after calling getFlightInfoTableTypes. I have used latest version >> 17.0.0 for flight-core, arrow-jdbc and flight-sql on server side and latest >> flight-sql-jdbc-driver (17.0.0) on client side. >> >> Any help would be greatly appreciated. Thanks. >> >> -Chuan >>
