protected static void startHiveMetaStore() throws Exception { final int port = MetaStoreUtils.findFreePort(); hiveConf.set(METASTOREURIS.varname, "thrift://localhost:" + port); MetaStoreUtils.startMetaStore(port, ShimLoader.getHadoopThriftAuthBridge(), hiveConf); }
/** * Read and return the meta store Sasl configuration. Currently it uses the default * Hadoop SASL configuration and can be configured using "hadoop.rpc.protection" * HADOOP-10211, made a backward incompatible change due to which this call doesn't * work with Hadoop 2.4.0 and later. * @param conf * @return The SASL configuration */ public static Map<String, String> getMetaStoreSaslProperties(HiveConf conf) { // As of now Hive Meta Store uses the same configuration as Hadoop SASL configuration return ShimLoader.getHadoopThriftAuthBridge().getHadoopSaslProperties(conf); }
/** * Read and return the meta store Sasl configuration. Currently it uses the default * Hadoop SASL configuration and can be configured using "hadoop.rpc.protection" * HADOOP-10211, made a backward incompatible change due to which this call doesn't * work with Hadoop 2.4.0 and later. * @param conf * @return The SASL configuration */ public static Map<String, String> getMetaStoreSaslProperties(HiveConf conf) { // As of now Hive Meta Store uses the same configuration as Hadoop SASL configuration return ShimLoader.getHadoopThriftAuthBridge().getHadoopSaslProperties(conf); }
/** * @param args */ public static void main(String[] args) { int port = 9083; if (args.length > 0) { port = new Integer(args[0]); } try { startMetaStore(port, ShimLoader.getHadoopThriftAuthBridge()); } catch (Throwable t) { HMSHandler.LOG .error("Metastore Thrift Server threw an exception. Exiting..."); System.exit(1); } }
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
/** * @return Stringified Base64 encoded kerberosAuthHeader on success * @throws Exception */ public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl, boolean assumeSubject) throws Exception { String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host); if (assumeSubject) { // With this option, we're assuming that the external application, // using the JDBC driver has done a JAAS kerberos login already AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { throw new Exception("The Subject is not set"); } return Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } else { // JAAS login from ticket cache to setup the client UserGroupInformation UserGroupInformation clientUGI = ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos"); return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl)); } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getTokenTransport(String tokenStr, String host, TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); try { return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport, saslProps); } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getKerberosTransport(String principal, String host, TTransport underlyingTransport, Map<String, String> saslProps, boolean assumeSubject) throws SaslException { try { String[] names = principal.split("[/@]"); if (names.length != 3) { throw new IllegalArgumentException("Kerberos principal should have 3 parts: " + principal); } if (assumeSubject) { return createSubjectAssumedTransport(principal, underlyingTransport, saslProps); } else { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); return authBridge.createClientTransport(principal, host, "KERBEROS", null, underlyingTransport, saslProps); } } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getKerberosTransport(String principal, String host, TTransport underlyingTransport, Map<String, String> saslProps, boolean assumeSubject) throws SaslException { try { String[] names = principal.split("[/@]"); if (names.length != 3) { throw new IllegalArgumentException("Kerberos principal should have 3 parts: " + principal); } if (assumeSubject) { return createSubjectAssumedTransport(principal, underlyingTransport, saslProps); } else { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); return authBridge.createClientTransport(principal, host, "KERBEROS", null, underlyingTransport, saslProps); } } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getKerberosTransport(String principal, String host, TTransport underlyingTransport, Map<String, String> saslProps, boolean assumeSubject) throws SaslException { try { String[] names = principal.split("[/@]"); if (names.length != 3) { throw new IllegalArgumentException("Kerberos principal should have 3 parts: " + principal); } if (assumeSubject) { return createSubjectAssumedTransport(principal, underlyingTransport, saslProps); } else { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); return authBridge.createClientTransport(principal, host, "KERBEROS", null, underlyingTransport, saslProps); } } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
public static TTransport getKerberosTransport(String principal, String host, TTransport underlyingTransport, Map<String, String> saslProps, boolean assumeSubject) throws SaslException { try { String[] names = principal.split("[/@]"); if (names.length != 3) { throw new IllegalArgumentException("Kerberos principal should have 3 parts: " + principal); } if (assumeSubject) { return createSubjectAssumedTransport(principal, underlyingTransport, saslProps); } else { HadoopThriftAuthBridge.Client authBridge = ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos"); return authBridge.createClientTransport(principal, host, "KERBEROS", null, underlyingTransport, saslProps); } } catch (IOException e) { throw new SaslException("Failed to open client transport", e); } }
@Override public void run() { try { HiveMetaStore.startMetaStore(msPort, ShimLoader.getHadoopThriftAuthBridge(), serverConf); LOG.info("Started metastore server on port " + msPort); } catch (Throwable e) { LOG.error("Metastore Thrift Server threw an exception...", e); } } });
protected static void startHiveMetaStore() throws Exception { final int port = MetaStoreUtils.findFreePort(); hiveConf.set(METASTOREURIS.varname, "thrift://localhost:" + port); MetaStoreUtils.startMetaStore(port, ShimLoader.getHadoopThriftAuthBridge(), hiveConf); }
saslServer = ShimLoader.getHadoopThriftAuthBridge() .createServer(conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB), conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL));
saslServer = ShimLoader.getHadoopThriftAuthBridge() .createServer(conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB), conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL));