This is an automated email from the ASF dual-hosted git repository. zabetak pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push: new 7f29593b086 HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis) 7f29593b086 is described below commit 7f29593b0869317fcc0c1d3cd2add95799c1c2f3 Author: wzg547228197 <wzg547228...@gmail.com> AuthorDate: Wed Sep 21 00:41:10 2022 +0800 HIVE-26549: WebHCat servers fails to start due to authentication filter configuration (Zhiguo Wu reviewed by Stamatis Zampetakis) Closes #3609 --- .../org/apache/hive/hcatalog/templeton/Main.java | 25 ++++++++++++++-------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java index d2776ffbfd1..66fa5eb4ae8 100644 --- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java +++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java @@ -32,6 +32,8 @@ import java.util.HashMap; import java.util.Objects; import java.util.Set; +import org.apache.hadoop.security.authentication.server.AuthenticationFilter; +import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.commons.lang3.StringUtils; @@ -306,18 +308,23 @@ public class Main { public FilterHolder makeAuthFilter() throws IOException { FilterHolder authFilter = new FilterHolder(AuthFilter.class); UserNameHandler.allowAnonymous(authFilter); + + String confPrefix = "dfs.web.authentication"; + String prefix = confPrefix + "."; + authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix); + authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/"); + if (UserGroupInformation.isSecurityEnabled()) { - //http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html - authFilter.setInitParameter("dfs.web.authentication.signature.secret", - conf.kerberosSecret()); - //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml + authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE); + String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0"); - authFilter.setInitParameter("dfs.web.authentication.kerberos.principal", - serverPrincipal); - //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml - authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab", - conf.kerberosKeytab()); + authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal); + authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab()); + authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret()); + } else { + authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE); } + return authFilter; }