risdenk commented on a change in pull request #92: [WIP][CALCITE-2972] Upgrade
jetty to 9.4.15.v20190215
URL: https://github.com/apache/calcite-avatica/pull/92#discussion_r271474119
##########
File path:
server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
##########
@@ -337,17 +343,23 @@ protected ConstraintSecurityHandler
configureSpnego(Server server,
AvaticaServerConfiguration config) {
final String realm = Objects.requireNonNull(config.getKerberosRealm());
final String principal =
Objects.requireNonNull(config.getKerberosPrincipal());
-
- // A customization of SpnegoLoginService to explicitly set the server's
principal, otherwise
- // we would have to require a custom file to set the server's principal.
- PropertyBasedSpnegoLoginService spnegoLoginService =
- new PropertyBasedSpnegoLoginService(realm, principal);
+ final String principalWithoutRealm = principal.split("@", 2)[0];
+ final String[] principalParts = principalWithoutRealm.split("/", 2);
+ final String serviceName = principalParts[0];
+ final String hostname = principalParts[1];
+ final Path keytabPath = config.getKerberosKeytab();
+
+ ConfigurableSpnegoLoginService spnegoLoginService =
+ new ConfigurableSpnegoLoginService(realm, new
TestAuthorizationService());
+ spnegoLoginService.setServiceName(serviceName);
+ spnegoLoginService.setHostName(hostname);
+ spnegoLoginService.setKeyTabPath(keytabPath);
Review comment:
It looks like Avatica server currently supports logging in without a keytab.
Jetty wants to now manage the Kerberos lifecycle and login.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
