bowenliang123 commented on code in PR #3235:
URL: https://github.com/apache/incubator-kyuubi/pull/3235#discussion_r947075717
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala:
##########
@@ -645,6 +647,51 @@ object KyuubiConf {
.stringConf
.createWithDefault("uid")
+ val AUTHENTICATION_JDBC_DRIVER: OptionalConfigEntry[String] =
+ buildConf("kyuubi.authentication.jdbc.driver.class")
+ .doc("Driver class name for JDBC Authentication Provider.")
+ .version("1.6.0")
+ .stringConf
+ .createOptional
+
+ val AUTHENTICATION_JDBC_URL: OptionalConfigEntry[String] =
+ buildConf("kyuubi.authentication.jdbc.url")
+ .doc("JDBC URL for JDBC Authentication Provider.")
+ .version("1.6.0")
+ .stringConf
+ .createOptional
+
+ val AUTHENTICATION_JDBC_USERNAME: OptionalConfigEntry[String] =
+ buildConf("kyuubi.authentication.jdbc.username")
+ .doc("Database username for JDBC Authentication Provider.")
+ .version("1.6.0")
+ .stringConf
+ .createOptional
+
+ val AUTHENTICATION_JDBC_PASSWORD: OptionalConfigEntry[String] =
+ buildConf("kyuubi.authentication.jdbc.password")
+ .doc("Database password for JDBC Authentication Provider.")
+ .version("1.6.0")
+ .stringConf
+ .createOptional
+
+ val AUTHENTICATION_JDBC_QUERY: OptionalConfigEntry[String] =
+ buildConf("kyuubi.authentication.jdbc.query")
+ .doc("Query SQL template with placeholders " +
+ "for JDBC Authentication Provider to execute. " +
+ "Authentication passes if at least one row fetched in the result set."
+
+ "Available placeholders are: <ul>" +
+ "<li>`${username}`</li>" +
+ "<li>`${password}`</li></ul>" +
+ "eg.: query sql `SELECT 1 FROM auth_table WHERE user=${username} AND "
+
+ "passwd=MD5(CONCAT(salt,${password}));` " +
+ "will be prepared as: `SELECT 1 FROM auth_table " +
+ "WHERE user=? AND passwd=MD5(CONCAT(salt,?));`" +
+ " with value replacement of `username` and `password` in string type.")
+ .version("1.6.0")
+ .stringConf
+ .createOptional
Review Comment:
yes, got your idea. Thus the compatibility is still limited , eg. Md5 is not
supported in Derby (?). Plus we are not suggesting users to choose in hash or
encryptions, rather than encourage them to maximize usage in conditions, rules,
joins and methods in their senarios, eg. limit max 5 times logs within 1 min
with specific prefix in username or different types of password or tokens.
And the details of hash/encrypt functions should be carefully set and used
in the query. We could leave them to users.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
