stoty commented on code in PR #123:
URL:
https://github.com/apache/phoenix-queryserver/pull/123#discussion_r1140038198
##########
phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java:
##########
@@ -633,6 +625,26 @@ SimpleLRUCache<String,UserGroupInformation> getCache() {
}
}
+ /**
+ * The new Jetty kerberos implementation that we use strips the realm from
the principal, which
+ * and Hadoop cannot process that.
+ * This strips the hostname part as well, so that only the username remains.
+
+ * @param remoteUserName the principal as received from Jetty
+ * @return the principal without the hostname part
+ */
+ //FIXME We are probably compensating for a Jetty a bug, which should really
be fixed in Jetty
+ private static String stripHostNameFromPrincipal(String remoteUserName) {
+ // realm got removed from remoteUserName in CALCITE-4152
+ // so we remove the instance name to avoid geting
KerberosName$NoMatchingRule exception
+ int atSignIndex = remoteUserName.indexOf('@');
+ int separatorIndex = remoteUserName.indexOf('/');
+ if (atSignIndex == -1 && separatorIndex > 0) {
+ remoteUserName = remoteUserName.substring(0, separatorIndex);
+ }
Review Comment:
The API being able to handle the full perincipal is just an assumption.
I'm going to test this, and try to figure out what we should get via SPNEGO
from Jetty next wek.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
