[
https://issues.apache.org/jira/browse/HIVE-24543?focusedWorklogId=531427&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-531427
]
ASF GitHub Bot logged work on HIVE-24543:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 05/Jan/21 19:21
Start Date: 05/Jan/21 19:21
Worklog Time Spent: 10m
Work Description: nrg4878 commented on a change in pull request #1791:
URL: https://github.com/apache/hive/pull/1791#discussion_r552141828
##########
File path: jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
##########
@@ -896,39 +946,103 @@ private void openSession() throws SQLException {
openReq.setPassword(sessConfMap.get(JdbcConnectionParams.AUTH_PASSWD));
}
+ //TODO(Vihang): This is a bit hacky. We piggy back on a dummy OpenSession
call
+ // to get the redirect response from the server. Instead its probably
cleaner to
+ // explicitly do a HTTP post request and get the response.
+ int numRetry = isBrowserAuthMode() ? 2 : 1;
+ for (int i=0; i<numRetry; i++) {
+ try {
+ openSession(openReq);
+ } catch (TException e) {
+ if (isSamlRedirect(e)) {
+ boolean success = doBrowserSSO();
+ if (!success) {
+ String msg = browserClient.getServerResponse() == null
+ || browserClient.getServerResponse().getMsg() == null ? ""
+ : browserClient.getServerResponse().getMsg();
+ throw new SQLException(
+ "Could not establish connection to " + jdbcUriString + ": "
+ + msg, " 08S01", e);
+ }
+ } else {
+ throw new SQLException(
+ "Could not establish connection to " + jdbcUriString + ": " + e
+ .getMessage(), " 08S01", e);
+ }
+ }
+ }
+ isClosed = false;
+ }
+
+ private boolean doBrowserSSO() throws SQLException {
try {
- TOpenSessionResp openResp = client.OpenSession(openReq);
+ Preconditions.checkNotNull(browserClient);
+ try (IJdbcBrowserClient bc = browserClient) {
+ browserClient.doBrowserSSO();
+ HiveJdbcBrowserServerResponse response =
browserClient.getServerResponse();
+ if (response != null) {
+ return response.isSuccessful();
+ }
+ return false;
+ }
+ } catch (Exception ex) {
+ throw new SQLException("Browser based SSO failed: " + ex.getMessage(),
+ " 08S01",
+ ex);
+ }
+ }
- // Populate a given configuration from HS2 server HiveConf, only if that
configuration
- // is not already present in Connection parameter HiveConf i.e., client
side configuration
- // takes precedence over the server side configuration.
- Map<String, String> serverHiveConf = openResp.getConfiguration();
+ @VisibleForTesting
+ public IJdbcBrowserClient getBrowserClient() {
+ return browserClient;
+ }
- updateServerHiveConf(serverHiveConf, connParams);
+ private void openSession(TOpenSessionReq openReq) throws TException,
SQLException {
+ TOpenSessionResp openResp = client.OpenSession(openReq);
- // validate connection
- Utils.verifySuccess(openResp.getStatus());
- if (!supportedProtocols.contains(openResp.getServerProtocolVersion())) {
- throw new TException("Unsupported Hive2 protocol");
- }
- protocol = openResp.getServerProtocolVersion();
- sessHandle = openResp.getSessionHandle();
-
- final String serverFetchSizeString =
-
openResp.getConfiguration().get(ConfVars.HIVE_SERVER2_THRIFT_RESULTSET_DEFAULT_FETCH_SIZE.varname);
- if (serverFetchSizeString == null) {
- throw new IllegalStateException("Server returned a null default fetch
size. Check that "
- +
ConfVars.HIVE_SERVER2_THRIFT_RESULTSET_DEFAULT_FETCH_SIZE.varname + " is
configured correctly.");
- }
+ // Populate a given configuration from HS2 server HiveConf, only if that
configuration
Review comment:
its not clear what the change is here. The proposed code looks similar
to the existing code in the OpenSession() method. What has changed?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 531427)
Time Spent: 1.5h (was: 1h 20m)
> Support SAML 2.0 as an authentication mechanism
> -----------------------------------------------
>
> Key: HIVE-24543
> URL: https://issues.apache.org/jira/browse/HIVE-24543
> Project: Hive
> Issue Type: New Feature
> Reporter: Vihang Karajgaonkar
> Assignee: Vihang Karajgaonkar
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> With cloud based deployments, having a SAML 2.0 based authentication support
> in HS2 will be greatly useful in case of federated or external identity
> providers like Okta, PingIdentity or Azure AD.
> This authentication mechanism can initially be only supported on http
> transport mode in HiveServer2 since the SAML 2.0 protocol is primarily
> designed for web clients.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)