@Override public void run() { try { HiveMetaStore.startMetaStore(hiveMetastorePort, new HadoopThriftAuthBridge(), hiveConf); } catch (Throwable t) { t.printStackTrace(); } } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
.createServer(conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB), conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL));
try { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClient();
/** * Read and return the meta store Sasl configuration. Currently it uses the default * Hadoop SASL configuration and can be configured using "hadoop.rpc.protection" * HADOOP-10211, made a backward incompatible change due to which this call doesn't * work with Hadoop 2.4.0 and later. * @param conf * @return The SASL configuration */ public static Map<String, String> getMetaStoreSaslProperties(HiveConf conf) { // As of now Hive Meta Store uses the same configuration as Hadoop SASL configuration return ShimLoader.getHadoopThriftAuthBridge().getHadoopSaslProperties(conf); }
.createServer(conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB), conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL));
ShimLoader.getHadoopThriftAuthBridge().createClient();
/** * Read and return the meta store Sasl configuration. Currently it uses the default * Hadoop SASL configuration and can be configured using "hadoop.rpc.protection" * HADOOP-10211, made a backward incompatible change due to which this call doesn't * work with Hadoop 2.4.0 and later. * @param conf * @return The SASL configuration */ public static Map<String, String> getMetaStoreSaslProperties(HiveConf conf) { // As of now Hive Meta Store uses the same configuration as Hadoop SASL configuration return ShimLoader.getHadoopThriftAuthBridge().getHadoopSaslProperties(conf); }
if (needUgiLogin(UserGroupInformation.getCurrentUser(), SecurityUtil.getServerPrincipal(principal, "0.0.0.0"), keytab)) { saslServer = ShimLoader.getHadoopThriftAuthBridge().createServer(principal, keytab); } else {
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
@Override public void run() { try { HiveMetaStore.startMetaStore(hiveMetastorePort, new HadoopThriftAuthBridge(), hiveConf); } catch (Throwable t) { t.printStackTrace(); } } }
ShimLoader.getHadoopThriftAuthBridge().createClient();
if (needUgiLogin(UserGroupInformation.getCurrentUser(), SecurityUtil.getServerPrincipal(principal, "0.0.0.0"), keytab)) { saslServer = ShimLoader.getHadoopThriftAuthBridge().createServer(principal, keytab); } else {
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
@Override public void run() { try { HiveMetaStore.startMetaStore(hiveMetastorePort, new HadoopThriftAuthBridge(), hiveConf); } catch (Throwable t) { t.printStackTrace(); } } }
ShimLoader.getHadoopThriftAuthBridge().createClient();
TTransportFactory transFactory; if (useSasl) { saslServer = bridge.createServer( conf.getVar(HiveConf.ConfVars.METASTORE_KERBEROS_KEYTAB_FILE), conf.getVar(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL));