[ https://issues.apache.org/jira/browse/DRILL-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16022422#comment-16022422 ]
ASF GitHub Bot commented on DRILL-5485: --------------------------------------- Github user sohami commented on a diff in the pull request: https://github.com/apache/drill/pull/829#discussion_r118177282 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/work/prepare/PreparedStatementProvider.java --- @@ -59,20 +43,29 @@ import org.apache.drill.exec.proto.UserProtos.ResultColumnMetadata; import org.apache.drill.exec.proto.UserProtos.RpcType; import org.apache.drill.exec.proto.UserProtos.RunQuery; +import org.apache.drill.exec.rpc.AbstractUserClientConnectionWrapper; import org.apache.drill.exec.rpc.Acks; import org.apache.drill.exec.rpc.Response; import org.apache.drill.exec.rpc.ResponseSender; import org.apache.drill.exec.rpc.RpcOutcomeListener; -import org.apache.drill.exec.rpc.user.UserServer.UserClientConnection; +import org.apache.drill.exec.rpc.UserClientConnection; import org.apache.drill.exec.rpc.user.UserSession; import org.apache.drill.exec.store.ischema.InfoSchemaConstants; import org.apache.drill.exec.work.user.UserWorker; import org.joda.time.Period; -import com.google.common.collect.ImmutableMap; +import java.math.BigDecimal; +import java.net.SocketAddress; +import java.sql.Date; +import java.sql.ResultSetMetaData; +import java.sql.Time; +import java.sql.Timestamp; +import java.util.List; +import java.util.Map; +import java.util.UUID; -import io.netty.buffer.ByteBuf; -import io.netty.channel.ChannelFuture; +import static org.apache.drill.exec.ExecConstants.CREATE_PREPARE_STATEMENT_TIMEOUT_MILLIS; +import static org.apache.drill.exec.proto.UserProtos.RequestStatus.*; --- End diff -- Fixed > Remove WebServer dependency on DrillClient > ------------------------------------------ > > Key: DRILL-5485 > URL: https://issues.apache.org/jira/browse/DRILL-5485 > Project: Apache Drill > Issue Type: Improvement > Components: Web Server > Reporter: Sorabh Hamirwasia > Fix For: 1.11.0 > > > With encryption support using SASL, client's won't be able to authenticate > using PLAIN mechanism when encryption is enabled on the cluster. Today > WebServer which is embedded inside Drillbit creates a DrillClient instance > for each WebClient session. And the WebUser is authenticated as part of > authentication between DrillClient instance and Drillbit using PLAIN > mechanism. But with encryption enabled this will fail since encryption > doesn't support authentication using PLAN mechanism, hence no WebClient can > connect to a Drillbit. There are below issues as well with this approach: > 1) Since DrillClient is used per WebUser session this is expensive as it has > heavyweight RPC layer for DrillClient and all it's dependencies. > 2) If the Foreman for a WebUser is also selected to be a different node then > there will be extra hop of transferring data back to WebClient. > To resolve all the above issue it would be better to authenticate the WebUser > locally using the Drillbit on which WebServer is running without creating > DrillClient instance. We can use the local PAMAuthenticator to authenticate > the user. After authentication is successful the local Drillbit can also > serve as the Foreman for all the queries submitted by WebUser. This can be > achieved by submitting the query to the local Drillbit Foreman work queue. > This will also remove the requirement to encrypt the channel opened between > WebServer (DrillClient) and selected Drillbit since with this approach there > won't be any physical channel opened between them. -- This message was sent by Atlassian JIRA (v6.3.15#6346)