This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch branch-1.8
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/branch-1.8 by this push:
new 035370690 [KYUUBI #5564] Support to config ticket cache location in
JDBC URL
035370690 is described below
commit 03537069067ea21a7af903aa0bc182e653bccb86
Author: fwang12 <[email protected]>
AuthorDate: Fri Nov 3 00:35:27 2023 +0800
[KYUUBI #5564] Support to config ticket cache location in JDBC URL
### _Why are the changes needed?_
Support to config customized ticket cache location in kyuubi connection URL.
Before, we can only set it via environment variable `KRB5CCNAME`.
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run
test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests)
locally before make a pull request
### _Was this patch authored or co-authored using generative AI tooling?_
No.
Closes #5564 from turboFei/ticket_cache.
Closes #5564
140ae6ec2 [fwang12] since 1.8.0
caaf33a44 [fwang12] check is blank
0fae9f9c5 [fwang12] doc
05b9e9df8 [fwang12] ticket cache
Authored-by: fwang12 <[email protected]>
Signed-off-by: Cheng Pan <[email protected]>
(cherry picked from commit c149809fb94f0d197c717530cd812e8f9b3b93cd)
Signed-off-by: Cheng Pan <[email protected]>
---
docs/client/jdbc/kyuubi_jdbc.rst | 1 +
.../org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java | 1 +
.../java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java | 3 ++-
.../kyuubi/jdbc/hive/auth/KerberosAuthentication.java | 13 ++++++++-----
.../jdbc/hive/auth/KerberosAuthenticationManager.java | 5 +++--
5 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/docs/client/jdbc/kyuubi_jdbc.rst b/docs/client/jdbc/kyuubi_jdbc.rst
index 7a63dbd98..a3c56b418 100644
--- a/docs/client/jdbc/kyuubi_jdbc.rst
+++ b/docs/client/jdbc/kyuubi_jdbc.rst
@@ -194,6 +194,7 @@ It's straightforward to use principal and keytab for
Kerberos authentication, ju
- kyuubiClientPrincipal: Kerberos ``principal`` for client authentication
- kyuubiClientKeytab: path of Kerberos ``keytab`` file for client
authentication
+- kyuubiClientTicketCache: path of Kerberos ``ticketCache`` file for client
authentication, available since 1.8.0.
- kyuubiServerPrincipal: Kerberos ``principal`` configured by
`kyuubi.kinit.principal` at the server side. ``kyuubiServerPrincipal`` is
available
as an alias of ``principal`` since 1.7.0, use ``principal`` for previous
versions.
diff --git
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
index bcc94e083..d3c77a77f 100644
---
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
+++
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
@@ -49,6 +49,7 @@ public class JdbcConnectionParams {
public static final String AUTH_KYUUBI_SERVER_PRINCIPAL =
"kyuubiServerPrincipal";
public static final String AUTH_KYUUBI_CLIENT_PRINCIPAL =
"kyuubiClientPrincipal";
public static final String AUTH_KYUUBI_CLIENT_KEYTAB = "kyuubiClientKeytab";
+ public static final String AUTH_KYUUBI_CLIENT_TICKET_CACHE =
"kyuubiClientTicketCache";
public static final String AUTH_PASSWD = "password";
public static final String AUTH_KERBEROS_AUTH_TYPE = "kerberosAuthType";
public static final String AUTH_KERBEROS_AUTH_TYPE_FROM_SUBJECT =
"fromSubject";
diff --git
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index d3fbbeb6d..39a74e2f5 100644
---
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -882,7 +882,8 @@ public class KyuubiConnection implements SQLConnection,
KyuubiLoggable {
AccessControlContext context = AccessController.getContext();
return Subject.getSubject(context);
} else if (isTgtCacheAuthMode()) {
- return
KerberosAuthenticationManager.getTgtCacheAuthentication().getSubject();
+ String ticketCache = sessConfMap.get(AUTH_KYUUBI_CLIENT_TICKET_CACHE);
+ return
KerberosAuthenticationManager.getTgtCacheAuthentication(ticketCache).getSubject();
} else {
// This should never happen
throw new IllegalArgumentException("Unsupported auth mode");
diff --git
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthentication.java
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthentication.java
index a7683523f..a137fbb99 100644
---
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthentication.java
+++
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthentication.java
@@ -37,6 +37,7 @@ import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -48,8 +49,8 @@ public class KerberosAuthentication {
private KerberosPrincipal principal = null;
private final Configuration configuration;
- KerberosAuthentication() {
- this.configuration = createLoginFromTgtCacheConfiguration();
+ KerberosAuthentication(String ticketCache) {
+ this.configuration = createLoginFromTgtCacheConfiguration(ticketCache);
}
KerberosAuthentication(String principal, String keytabLocation) {
@@ -96,14 +97,16 @@ public class KerberosAuthentication {
}
}
- private static Configuration createLoginFromTgtCacheConfiguration() {
+ private static Configuration createLoginFromTgtCacheConfiguration(String
ticketCache) {
ImmutableMap.Builder<String, String> optionsBuilder =
ImmutableMap.<String, String>builder()
.put("useTicketCache", "true")
.put("renewTGT", "true");
- String ticketCache = System.getenv("KRB5CCNAME");
- if (ticketCache != null) {
+ if (StringUtils.isBlank(ticketCache)) {
+ ticketCache = System.getenv("KRB5CCNAME");
+ }
+ if (StringUtils.isNotBlank(ticketCache)) {
optionsBuilder.put("ticketCache", ticketCache);
}
return createConfiguration(optionsBuilder);
diff --git
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthenticationManager.java
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthenticationManager.java
index 92927985f..3df9aa836 100644
---
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthenticationManager.java
+++
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/auth/KerberosAuthenticationManager.java
@@ -27,9 +27,10 @@ public class KerberosAuthenticationManager {
private static final Map<String, CachingKerberosAuthentication>
KEYTAB_AUTHENTICATION_CACHE =
new ConcurrentHashMap<>();
- public static synchronized CachingKerberosAuthentication
getTgtCacheAuthentication() {
+ public static synchronized CachingKerberosAuthentication
getTgtCacheAuthentication(
+ String ticketCache) {
if (GLOBAL_TGT_CACHE_AUTHENTICATION == null) {
- KerberosAuthentication tgtCacheAuth = new KerberosAuthentication();
+ KerberosAuthentication tgtCacheAuth = new
KerberosAuthentication(ticketCache);
GLOBAL_TGT_CACHE_AUTHENTICATION = new
CachingKerberosAuthentication(tgtCacheAuth);
}
return GLOBAL_TGT_CACHE_AUTHENTICATION;
