knox-commits mailing list archives

From dillido...@apache.org
Subject git commit: KNOX-341: Knox needs to work with secure Hive asserting authenticated user as doAs
Date Fri, 28 Mar 2014 18:34:49 GMT
Repository: knox
Updated Branches:
  refs/heads/v0.4.0 49eb750c4 -> c9ce1623d


KNOX-341: Knox needs to work with secure Hive asserting authenticated user as doAs


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c9ce1623
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c9ce1623
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c9ce1623

Branch: refs/heads/v0.4.0
Commit: c9ce1623d9a91c01885e469862f281b367197822
Parents: 49eb750
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Fri Mar 28 11:20:09 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Fri Mar 28 11:25:27 2014 -0700

----------------------------------------------------------------------
 .../gateway/hive/HiveHttpClientDispatch.java    | 40 ++++++++++++++++++++
 1 file changed, 40 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/c9ce1623/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveHttpClientDispatch.java
----------------------------------------------------------------------
diff --git a/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveHttpClientDispatch.java
b/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveHttpClientDispatch.java
index a52b61f..21d39ba 100644
--- a/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveHttpClientDispatch.java
+++ b/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveHttpClientDispatch.java
@@ -19,12 +19,25 @@ package org.apache.hadoop.gateway.hive;
 
 import org.apache.hadoop.gateway.dispatch.HttpClientDispatch;
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+import org.apache.http.Header;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpStatus;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.params.AuthPolicy;
 import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.auth.SPNegoSchemeFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.message.BasicHeader;
+
 import javax.security.auth.Subject;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
+
+import java.io.IOException;
 import java.security.AccessController;
 import java.security.Principal;
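Review bot: Three of the imports added in this hunk, `org.apache.http.Header`, `org.apache.http.HttpStatus` and `org.apache.http.message.BasicHeader`, are not referenced by any line this commit adds. The diffstat's 40 insertions are all accounted for by the three visible hunks, so they appear to be unused and can be dropped. If they are meant for a follow-up that sets the doAs header or inspects the response status, they are better added with that change.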
 
@@ -36,6 +49,7 @@ public class HiveHttpClientDispatch extends HttpClientDispatch {
   private static final String BASIC_AUTH_PREEMPTIVE_PARAM = "basicAuthPreemptive";
   private static final String PASSWORD_PLACEHOLDER = "*";
   private boolean basicAuthPreemptive = false;
+  private static final EmptyJaasCredentials EMPTY_JAAS_CREDENTIALS = new EmptyJaasCredentials();
 
   @Override
   public void init( FilterConfig filterConfig ) throws ServletException {
@@ -75,5 +89,31 @@ public class HiveHttpClientDispatch extends HttpClientDispatch {
   public boolean isBasicAuthPreemptive() {
     return basicAuthPreemptive;
   }
+  
+  protected HttpResponse executeKerberosDispatch(HttpUriRequest outboundRequest,
+      DefaultHttpClient client) throws IOException, ClientProtocolException {
+    //DefaultHttpClient client = new DefaultHttpClient();
+    SPNegoSchemeFactory spNegoSF = new SPNegoSchemeFactory(
+          /* stripPort */true);
+    // spNegoSF.setSpengoGenerator(new BouncySpnegoTokenGenerator());
+    client.getAuthSchemes().register(AuthPolicy.SPNEGO, spNegoSF);
+    client.getCredentialsProvider().setCredentials(
+        new AuthScope(/* host */null, /* port */-1, /* realm */null),
+        EMPTY_JAAS_CREDENTIALS);
+    return client.execute(outboundRequest);
+  }
+ 
+  private static class EmptyJaasCredentials implements Credentials {
+
+    public String getPassword() {
+      return null;
+    }
+
+    public Principal getUserPrincipal() {
+      return null;
+    }
+
+  }
+  
 }
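Review bot: In executeKerberosDispatch the credentials are registered under `new AuthScope(/* host */null, /* port */-1, /* realm */null)`, which matches every host, port and realm. The client will therefore attempt SPNEGO against whichever server issues a Negotiate challenge, not only the Hive endpoint. Scoping the entry to the outbound target is tighter, e.g. `new AuthScope(outboundRequest.getURI().getHost(), outboundRequest.getURI().getPort())`. The method also re-registers the scheme factory and credentials on the caller-supplied client on every call; if that client is shared across requests (not visible in this hunk), the setup belongs where the client is constructed. As smaller points, the two commented-out lines can be removed, and `ClientProtocolException` in the throws clause is already covered by `IOException`.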
 

