calcite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <els...@apache.org>
Subject Re: Question about PQS sqlline-thin go through knox
Date Wed, 22 Feb 2017 21:05:51 GMT
Shi,

HTTP user authentication refers to the authentication between the 
Avatica client (in Phoenix parlance: sqlline-thin) and the Avatica 
server (Phoenix Query Server).

The database user authentication refers to any authentication that is 
down at the JDBC level inside of the server. For Phoenix, there is no 
such authentication support.

In future Avatica releases, 
https://issues.apache.org/jira/browse/CALCITE-1538 will provide the 
ability to specify a custom keystore and truststore via the JDBC URL 
without the need to specify the system properties at the JVM level.

As to your actual environment, it would appear that Knox is disallowing 
your user "guest" with the password "guest-password". This isn't an 
Avatica question, instead a question of how you have configured Knox and 
the valid credentials for that Knox configuration.

- Josh

Shi Wang wrote:
> Hi,
>
> Recently I am trying connect to PQS with sqlline-thin client and go
> through knox, but it throws 401 error
> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/401
> at
> org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientImpl.send(AvaticaCommonsHttpClientImpl.java:138)
> at
> org.apache.calcite.avatica.remote.RemoteProtobufService._apply(RemoteProtobufService.java:44)
> at
> org.apache.calcite.avatica.remote.ProtobufService.apply(ProtobufService.java:81)
> at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:175)
> at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157)
> at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203)
> at sqlline.Commands.connect(Commands.java:1064)
> at sqlline.Commands.connect(Commands.java:996)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36)
> at sqlline.SqlLine.dispatch(SqlLine.java:803)
> at sqlline.SqlLine.initArgs(SqlLine.java:588)
> at sqlline.SqlLine.begin(SqlLine.java:656)
> at sqlline.SqlLine.start(SqlLine.java:398)
> at sqlline.SqlLine.main(SqlLine.java:292)
> at
> org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrapper.java:83)
> sqlline version 1.1.9
>
> I added knox -Djavax.net.ssl.trustStore -Djavax.net.ssl.trustStorePassword
> for the ssl handshake to success.
> Also
> add authentication=BASIC;avatica_user=guest;avatica_password=guest-password
> after knox url for basic authentication by knox.
> I was wondering if user guest or knox need to be added in some acl? Also
> how db user authentication is related to http user authentication?
>
> Best,
> Shi
>
>
>
>

Mime
View raw message