Shi,
HTTP user authentication refers to the authentication between the
Avatica client (in Phoenix parlance: sqlline-thin) and the Avatica
server (Phoenix Query Server).
The database user authentication refers to any authentication that is
down at the JDBC level inside of the server. For Phoenix, there is no
such authentication support.
In future Avatica releases,
https://issues.apache.org/jira/browse/CALCITE-1538 will provide the
ability to specify a custom keystore and truststore via the JDBC URL
without the need to specify the system properties at the JVM level.
As to your actual environment, it would appear that Knox is disallowing
your user "guest" with the password "guest-password". This isn't an
Avatica question, instead a question of how you have configured Knox and
the valid credentials for that Knox configuration.
- Josh
Shi Wang wrote:
Hi,
Recently I am trying connect to PQS with sqlline-thin client and go
through knox, but it throws 401 error
java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/401
at
org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientImpl.send(AvaticaCommonsHttpClientImpl.java:138)
at
org.apache.calcite.avatica.remote.RemoteProtobufService._apply(RemoteProtobufService.java:44)
at
org.apache.calcite.avatica.remote.ProtobufService.apply(ProtobufService.java:81)
at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:175)
at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157)
at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203)
at sqlline.Commands.connect(Commands.java:1064)
at sqlline.Commands.connect(Commands.java:996)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36)
at sqlline.SqlLine.dispatch(SqlLine.java:803)
at sqlline.SqlLine.initArgs(SqlLine.java:588)
at sqlline.SqlLine.begin(SqlLine.java:656)
at sqlline.SqlLine.start(SqlLine.java:398)
at sqlline.SqlLine.main(SqlLine.java:292)
at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrapper.java:83)
sqlline version 1.1.9
I added knox -Djavax.net.ssl.trustStore -Djavax.net.ssl.trustStorePassword
for the ssl handshake to success.
Also
add authentication=BASIC;avatica_user=guest;avatica_password=guest-password
after knox url for basic authentication by knox.
I was wondering if user guest or knox need to be added in some acl? Also
how db user authentication is related to http user authentication?
Best,
Shi
