conf.getVar(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL)); saslServer.startDelegationTokenSecretManager(conf); transFactory = saslServer.createTransportFactory(); processor = saslServer.wrapProcessor(new ThriftHiveMetastore.Processor<IHMSHandler>( newHMSHandler("new db based metaserver", conf))); LOG.info("Starting DB backed MetaStore Server in Secure Mode");
InetAddress remoteAddr = getRemoteAddress(); ProxyUsers.authorize(ownerUgi,remoteAddr.getHostAddress(), null);
} else { saslServer = new HadoopThriftAuthBridge.Server(); saslServer.startDelegationTokenSecretManager(conf, rawStore, ServerMode.HIVESERVER2);
conf.getVar(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL)); saslServer.startDelegationTokenSecretManager(conf, baseHandler.getMS(), ServerMode.METASTORE); transFactory = saslServer.createTransportFactory( MetaStoreUtils.getMetaStoreSaslProperties(conf)); processor = saslServer.wrapProcessor( new ThriftHiveMetastore.Processor<IHMSHandler>(handler)); LOG.info("Starting DB backed MetaStore Server in Secure Mode");
conf.getVar(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL)); saslServer.startDelegationTokenSecretManager(conf, baseHandler.getMS(), ServerMode.METASTORE); transFactory = saslServer.createTransportFactory( MetaStoreUtils.getMetaStoreSaslProperties(conf)); processor = saslServer.wrapProcessor( new ThriftHiveMetastore.Processor<IHMSHandler>(handler)); LOG.info("Starting DB backed MetaStore Server in Secure Mode");
saslServer.startDelegationTokenSecretManager(conf); transFactory = saslServer.createTransportFactory(); processor = saslServer.wrapProcessor(new ThriftHiveMetastore.Processor( new HMSHandler("new db based metaserver", conf))); } else {
} else { saslServer = new HadoopThriftAuthBridge.Server(); saslServer.startDelegationTokenSecretManager(conf, rawStore, ServerMode.HIVESERVER2);
saslServer.startDelegationTokenSecretManager(conf, rawStore, ServerMode.HIVESERVER2);
saslServer.startDelegationTokenSecretManager(conf, rawStore, ServerMode.HIVESERVER2);
InetAddress remoteAddr = getRemoteAddress(); ProxyUsers.authorize(ownerUgi,remoteAddr.getHostAddress(), null);
private final void logAuditEvent(String cmd) { if (cmd == null) { return; } UserGroupInformation ugi; try { ugi = Utils.getUGI(); } catch (Exception ex) { throw new RuntimeException(ex); } final Formatter fmt = auditFormatter.get(); ((StringBuilder) fmt.out()).setLength(0); String address = null; if (useSasl) { if (saslServer != null && saslServer.getRemoteAddress() != null) { address = String.valueOf(saslServer.getRemoteAddress()); } } else { address = getIpAddress(); } if (address == null) { address = "unknown-ip-addr"; } auditLog.info(fmt.format(AUDIT_FORMAT, ugi.getUserName(), address, cmd).toString()); }
private final void logAuditEvent(String cmd) { if (cmd == null) { return; } UserGroupInformation ugi; try { ugi = ShimLoader.getHadoopShims().getUGIForConf(getConf()); } catch (Exception ex) { throw new RuntimeException(ex); } final Formatter fmt = auditFormatter.get(); ((StringBuilder) fmt.out()).setLength(0); String address; if (useSasl) { address = saslServer.getRemoteAddress().toString(); } else { address = getIpAddress(); } if (address == null) { address = "unknown-ip-addr"; } auditLog.info(fmt.format(AUDIT_FORMAT, ugi.getUserName(), address, cmd).toString()); }
private final void logAuditEvent(String cmd) { if (cmd == null) { return; } UserGroupInformation ugi; try { ugi = Utils.getUGI(); } catch (Exception ex) { throw new RuntimeException(ex); } final Formatter fmt = auditFormatter.get(); ((StringBuilder) fmt.out()).setLength(0); String address = null; if (useSasl) { if (saslServer != null && saslServer.getRemoteAddress() != null) { address = String.valueOf(saslServer.getRemoteAddress()); } } else { address = getIpAddress(); } if (address == null) { address = "unknown-ip-addr"; } auditLog.info(fmt.format(AUDIT_FORMAT, ugi.getUserName(), address, cmd).toString()); }
public TTransportFactory getAuthTransFactory() throws LoginException { TTransportFactory transportFactory; if (authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) { try { transportFactory = saslServer.createTransportFactory(getSaslProperties()); } catch (TTransportException e) { throw new LoginException(e.getMessage()); } } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) { transportFactory = new TTransportFactory(); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else { throw new LoginException("Unsupported authentication type " + authTypeStr); } return transportFactory; }
public TTransportFactory getAuthTransFactory() throws LoginException { TTransportFactory transportFactory; if (authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) { try { transportFactory = saslServer.createTransportFactory(getSaslProperties()); } catch (TTransportException e) { throw new LoginException(e.getMessage()); } } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) { transportFactory = new TTransportFactory(); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else { throw new LoginException("Unsupported authentication type " + authTypeStr); } return transportFactory; }
public TTransportFactory getAuthTransFactory() throws LoginException { TTransportFactory transportFactory; if (authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) { try { transportFactory = saslServer.createTransportFactory(getSaslProperties()); } catch (TTransportException e) { throw new LoginException(e.getMessage()); } } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) { transportFactory = new TTransportFactory(); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else { throw new LoginException("Unsupported authentication type " + authTypeStr); } return transportFactory; }
public TTransportFactory getAuthTransFactory() throws LoginException { TTransportFactory transportFactory; if (authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) { try { transportFactory = saslServer.createTransportFactory(getSaslProperties()); } catch (TTransportException e) { throw new LoginException(e.getMessage()); } } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) { transportFactory = new TTransportFactory(); } else if (authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())) { transportFactory = PlainSaslHelper.getPlainTransportFactory(authTypeStr); } else { throw new LoginException("Unsupported authentication type " + authTypeStr); } return transportFactory; }
public String getDelegationToken(String owner, String renewer) throws HiveSQLException { if (saslServer == null) { throw new HiveSQLException( "Delegation token only supported over kerberos authentication", "08S01"); } try { String tokenStr = saslServer.getDelegationTokenWithService(owner, renewer, HS2_CLIENT_TOKEN); if (tokenStr == null || tokenStr.isEmpty()) { throw new HiveSQLException( "Received empty retrieving delegation token for user " + owner, "08S01"); } return tokenStr; } catch (IOException e) { throw new HiveSQLException( "Error retrieving delegation token for user " + owner, "08S01", e); } catch (InterruptedException e) { throw new HiveSQLException("delegation token retrieval interrupted", "08S01", e); } }
public String getDelegationToken(String owner, String renewer) throws HiveSQLException { if (saslServer == null) { throw new HiveSQLException( "Delegation token only supported over kerberos authentication", "08S01"); } try { String tokenStr = saslServer.getDelegationTokenWithService(owner, renewer, HS2_CLIENT_TOKEN); if (tokenStr == null || tokenStr.isEmpty()) { throw new HiveSQLException( "Received empty retrieving delegation token for user " + owner, "08S01"); } return tokenStr; } catch (IOException e) { throw new HiveSQLException( "Error retrieving delegation token for user " + owner, "08S01", e); } catch (InterruptedException e) { throw new HiveSQLException("delegation token retrieval interrupted", "08S01", e); } }
public String getDelegationToken(String owner, String renewer) throws HiveSQLException { if (saslServer == null) { throw new HiveSQLException( "Delegation token only supported over kerberos authentication", "08S01"); } try { String tokenStr = saslServer.getDelegationTokenWithService(owner, renewer, HS2_CLIENT_TOKEN); if (tokenStr == null || tokenStr.isEmpty()) { throw new HiveSQLException( "Received empty retrieving delegation token for user " + owner, "08S01"); } return tokenStr; } catch (IOException e) { throw new HiveSQLException( "Error retrieving delegation token for user " + owner, "08S01", e); } catch (InterruptedException e) { throw new HiveSQLException("delegation token retrieval interrupted", "08S01", e); } }