This is an automated email from the ASF dual-hosted git repository.
feiwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new 483d950ca [KYUUBI #4156] Issue engine token when opening engine
session to prevent token expiration
483d950ca is described below
commit 483d950ca64e8ec7eb1e5925369e1fadb14f8346
Author: fwang12 <[email protected]>
AuthorDate: Fri Jan 13 12:28:16 2023 +0800
[KYUUBI #4156] Issue engine token when opening engine session to prevent
token expiration
### _Why are the changes needed?_
Issue engine token when opening engine session to prevent token expiration.
```
def authToken(tokenStr: String): Unit = {
val identifier =
try {
KyuubiInternalAccessIdentifier.fromJson(decrypt(tokenStr))
} catch {
case _: Exception =>
throw KyuubiSQLException("Invalid engine access token")
}
if (identifier.issueDate + identifier.maxDate <
System.currentTimeMillis()) {
throw KyuubiSQLException("The engine access token is expired")
}
}
```
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run
test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests)
locally before make a pull request
Closes #4156 from turboFei/engine_token.
Closes #4156
1300fcf21 [fwang12] engine token expire
Authored-by: fwang12 <[email protected]>
Signed-off-by: fwang12 <[email protected]>
---
.../scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git
a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
index 3d33daff9..b66939096 100644
---
a/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
+++
b/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionImpl.scala
@@ -130,12 +130,6 @@ class KyuubiSessionImpl(
openEngineSessionConf =
optimizedConf ++ Map(KYUUBI_ENGINE_CREDENTIALS_KEY ->
engineCredentials)
}
- val passwd =
- if (sessionManager.getConf.get(ENGINE_SECURITY_ENABLED)) {
- InternalSecurityAccessor.get().issueToken()
- } else {
- Option(password).filter(_.nonEmpty).getOrElse("anonymous")
- }
if (sessionConf.get(SESSION_USER_SIGN_ENABLED)) {
openEngineSessionConf = openEngineSessionConf +
@@ -154,6 +148,12 @@ class KyuubiSessionImpl(
while (attempt <= maxAttempts && shouldRetry) {
val (host, port) = engine.getOrCreate(discoveryClient, extraEngineLog)
try {
+ val passwd =
+ if (sessionManager.getConf.get(ENGINE_SECURITY_ENABLED)) {
+ InternalSecurityAccessor.get().issueToken()
+ } else {
+ Option(password).filter(_.nonEmpty).getOrElse("anonymous")
+ }
_client = KyuubiSyncThriftClient.createClient(user, passwd, host,
port, sessionConf)
_engineSessionHandle = _client.openSession(protocol, user, passwd,
openEngineSessionConf)
logSessionInfo(s"Connected to engine
[$host:$port]/[${client.engineId.getOrElse("")}]" +
