PHOENIX-3686 Allow client-authentication to be disabled for PQS
Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/8e1d10b3 Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/8e1d10b3 Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/8e1d10b3 Branch: refs/heads/calcite Commit: 8e1d10b3f1e91d003f7dd554f8c261352cbd3b43 Parents: 877cac3 Author: Josh Elser <[email protected]> Authored: Mon Feb 20 17:22:15 2017 -0500 Committer: Josh Elser <[email protected]> Committed: Tue Feb 28 15:10:05 2017 -0500 ---------------------------------------------------------------------- .../org/apache/phoenix/query/QueryServices.java | 3 ++- .../phoenix/query/QueryServicesOptions.java | 2 ++ .../queryserver/client/SqllineWrapper.java | 18 ++++++++++++++---- .../phoenix/queryserver/server/QueryServer.java | 5 ++++- 4 files changed, 22 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java ----------------------------------------------------------------------
diff --git a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
index 8f0b06e..1366add 100644
--- a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
+++ b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
@@ -216,7 +216,8 @@ public interface QueryServices extends SQLCloseable {
 public static final String QUERY_SERVER_UGI_CACHE_INITIAL_SIZE = "phoenix.queryserver.ugi.cache.initial.size";
 public static final String QUERY_SERVER_UGI_CACHE_CONCURRENCY = "phoenix.queryserver.ugi.cache.concurrency";
 public static final String QUERY_SERVER_KERBEROS_ALLOWED_REALMS = "phoenix.queryserver.kerberos.allowed.realms";
-
+ public static final String QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB = "phoenix.queryserver.spnego.auth.disabled";
+
 public static final String RENEW_LEASE_ENABLED = "phoenix.scanner.lease.renew.enabled";
 public static final String RUN_RENEW_LEASE_FREQUENCY_INTERVAL_MILLISECONDS = "phoenix.scanner.lease.renew.interval";
 public static final String RENEW_LEASE_THRESHOLD_MILLISECONDS = "phoenix.scanner.lease.threshold";
http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java ----------------------------------------------------------------------
diff --git a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
index 15ea956..f885d5c 100644
--- a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
+++ b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServicesOptions.java
@@ -253,6 +253,8 @@ public class QueryServicesOptions { public static final long DEFAULT_QUERY_SERVER_UGI_CACHE_MAX_SIZE = 1000L; public static final int DEFAULT_QUERY_SERVER_UGI_CACHE_INITIAL_SIZE = 100; public static final int DEFAULT_QUERY_SERVER_UGI_CACHE_CONCURRENCY = 10; + public static final boolean DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED = false; + public static final boolean DEFAULT_RENEW_LEASE_ENABLED = true; public static final int DEFAULT_RUN_RENEW_LEASE_FREQUENCY_INTERVAL_MILLISECONDS = DEFAULT_HBASE_CLIENT_SCANNER_TIMEOUT_PERIOD / 2; http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java ---------------------------------------------------------------------- diff --git a/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java b/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java index 44cc0d3..7a22334 100644 --- a/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java +++ b/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/SqllineWrapper.java 
@@ -29,11 +29,11 @@ import sqlline.SqlLine; */ public class SqllineWrapper { public static final String HBASE_AUTHENTICATION_ATTR = "hbase.security.authentication"; + public static final String QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB = "phoenix.queryserver.spnego.auth.disabled"; + public static final boolean DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED = false; - static UserGroupInformation loginIfNecessary() { + static UserGroupInformation loginIfNecessary(Configuration conf) { // Try to avoid HBase dependency too. Sadly, we have to bring in all of hadoop-common for this.. - Configuration conf = new Configuration(false); - conf.addResource("hbase-site.xml"); if ("kerberos".equalsIgnoreCase(conf.get(HBASE_AUTHENTICATION_ATTR))) { // sun.security.krb5.principal is the property for setting the principal name, if that // isn't set, fall back to user.name and hope for the best. @@ -68,7 +68,17 @@ public class SqllineWrapper { } public static void main(String[] args) throws Exception { - UserGroupInformation ugi = loginIfNecessary(); + final Configuration conf = new Configuration(false); + conf.addResource("hbase-site.xml"); + + // Check if the server config says SPNEGO auth is actually disabled. + final boolean disableSpnego = conf.getBoolean(QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB, + DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED); + if (disableSpnego) { + SqlLine.main(args); + } + + UserGroupInformation ugi = loginIfNecessary(conf); if (null != ugi) { final String[] updatedArgs = updateArgsForKerberos(args); http://git-wip-us.apache.org/repos/asf/phoenix/blob/8e1d10b3/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java ---------------------------------------------------------------------- diff --git a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java index 8c44938..60d3f86 100644 
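Review bot: The two constants added at the top of SqllineWrapper repeat the key and default that this commit also adds to QueryServices and QueryServicesOptions, and nothing in the code ties the copies together. If the server-side name or default ever changes, the client would keep deciding whether to attempt the Kerberos login from a stale key. A comment on the pair, for example `// Keep in sync with QueryServices.QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB and its default in QueryServicesOptions`, would record the coupling; the duplication itself is presumably deliberate, given the nearby "Try to avoid HBase dependency" comment. loginIfNecessary's body continues outside the hunk.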
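Review bot: In main, the `disableSpnego` branch calls `SqlLine.main(args)` and then falls through to `loginIfNecessary(conf)`, so on a host whose hbase-site.xml still sets Kerberos the wrapper would attempt the login it was told to skip and possibly start SqlLine a second time. That is only masked if SqlLine.main ends the JVM itself, which this hunk does not show. Adding `return;` after `SqlLine.main(args);` makes the unauthenticated path explicit. The comment says "server config", but the value is read from the client's own classpath copy of hbase-site.xml, which can differ from what the server runs with; rewording it to `// Check if the local hbase-site.xml says SPNEGO auth is disabled on the server.` would avoid that impression. main's body continues past the end of the hunk.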
--- a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java +++ b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java @@ -173,9 +173,12 @@ public final class QueryServer extends Configured implements Tool, Runnable { try { final boolean isKerberos = "kerberos".equalsIgnoreCase(getConf().get( QueryServices.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB)); + final boolean disableSpnego = getConf().getBoolean(QueryServices.QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB, + QueryServicesOptions.DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED); + // handle secure cluster credentials - if (isKerberos) { + if (isKerberos && !disableSpnego) { String hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost( getConf().get(QueryServices.QUERY_SERVER_DNS_INTERFACE_ATTRIB, "default"), getConf().get(QueryServices.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, "default")));
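Review bot: The new condition `if (isKerberos && !disableSpnego)` sits directly under `// handle secure cluster credentials`, so a flag named for client authentication now also skips the server's own credential handling on a Kerberos cluster. The guarded block continues outside the hunk, so its full contents are not visible, but if it performs the server's Kerberos login the process would start without credentials for HBase whenever SPNEGO is turned off. Consider leaving this block on `if (isKerberos)` and applying `disableSpnego` only where the HTTP endpoint's SPNEGO handling is configured, which is not shown here. Because the setting allows unauthenticated clients to reach a secured cluster, presumably under the server's identity, a startup warning when it is enabled and a comment stating that consequence would help operators notice an accidental enablement.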
