[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16005264#comment-16005264 ] Thejas M Nair commented on HIVE-14966: -- Just for reference, this is also consistent with Hadoop's behavior - https://github.com/apache/hadoop/blob/release-2.7.1/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L501 https://github.com/apache/hadoop/blob/release-2.7.1/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L634 > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15579148#comment-15579148 ] Lefty Leverenz commented on HIVE-14966: --- Cool. Thanks Gopal. > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15579111#comment-15579111 ] Gopal V commented on HIVE-14966: Yes, [~leftylev] - with this patch the configuration disappears & leaves no ability for a user to misconfigure this. > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15579088#comment-15579088 ] Lefty Leverenz commented on HIVE-14966: --- Does this need to be documented in the wiki? If so, where? * [Setting Up HiveServer2 -- Running in HTTP Mode | https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-RunninginHTTPMode] * [HiveServer2 Clients -- Supporting Cookie Replay in HTTP Mode | https://cwiki.apache.org/confluence/display/Hive/HiveServer2+Clients#HiveServer2Clients-SupportingCookieReplayinHTTPMode] Adding a TODOC2.2 label because (at least) the wiki needs to be updated for the deprecation of *hive.server2.thrift.http.cookie.is.secure*. * [Configuration Properties -- hive.server2.thrift.http.cookie.is.secure | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.thrift.http.cookie.is.secure] > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15577501#comment-15577501 ] Gopal V commented on HIVE-14966: Failed tests have been failing for a while & unrelated. Filed bugs for flaky tests HIVE-14973 HIVE-14974 HIVE-14975 HIVE-14976 HIVE-14977 HIVE-14978 > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[
https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15577483#comment-15577483
]
Hive QA commented on HIVE-14966:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12833463/HIVE-14966.2.patch
{color:green}SUCCESS:{color} +1 due to 2 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 7 failed/errored test(s), 10564 tests
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[acid_globallimit]
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[order_null]
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[union_fast_stats]
org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJarWithoutAddDriverClazz[0]
org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[0]
org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[1]
org.apache.hive.jdbc.authorization.TestJdbcWithSQLAuthorization.testBlackListedUdfUsage
{noformat}
Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1580/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1580/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-1580/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 7 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12833463 - PreCommit-HIVE-Build
> JDBC: Make cookie-auth work in HTTP mode
>
>
> Key: HIVE-14966
> URL: https://issues.apache.org/jira/browse/HIVE-14966
> Project: Hive
> Issue Type: Bug
> Components: JDBC
>Affects Versions: 1.3.0, 2.2.0
>Reporter: Gopal V
>Assignee: Gopal V
> Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch
>
>
> HiveServer2 cookie-auth is non-functional and forces authentication to be
> repeated for the status check loop, row fetch loop and the get logs loop.
> The repeated auth in the fetch-loop is a performance issue, but is also
> causing occasional DoS responses from the remote auth-backend if this is not
> using local /etc/passwd.
> The HTTP-Cookie auth once made functional will behave similarly to the binary
> protocol, authenticating exactly once per JDBC session and not causing
> further load on the authentication backend irrespective how many rows are
> returned from the JDBC request.
> This due to the fact that the cookies are not sent out with matching flags
> for SSL usage.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[
https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15577153#comment-15577153
]
Hive QA commented on HIVE-14966:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12833463/HIVE-14966.2.patch
{color:green}SUCCESS:{color} +1 due to 2 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 7 failed/errored test(s), 10564 tests
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[acid_globallimit]
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[order_null]
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[union_fast_stats]
org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJarWithoutAddDriverClazz[0]
org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[0]
org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[1]
org.apache.hive.jdbc.authorization.TestJdbcWithSQLAuthorization.testBlackListedUdfUsage
{noformat}
Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1575/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1575/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-1575/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 7 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12833463 - PreCommit-HIVE-Build
> JDBC: Make cookie-auth work in HTTP mode
>
>
> Key: HIVE-14966
> URL: https://issues.apache.org/jira/browse/HIVE-14966
> Project: Hive
> Issue Type: Bug
> Components: JDBC
>Affects Versions: 1.3.0, 2.2.0
>Reporter: Gopal V
>Assignee: Gopal V
> Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch
>
>
> HiveServer2 cookie-auth is non-functional and forces authentication to be
> repeated for the status check loop, row fetch loop and the get logs loop.
> The repeated auth in the fetch-loop is a performance issue, but is also
> causing occasional DoS responses from the remote auth-backend if this is not
> using local /etc/passwd.
> The HTTP-Cookie auth once made functional will behave similarly to the binary
> protocol, authenticating exactly once per JDBC session and not causing
> further load on the authentication backend irrespective how many rows are
> returned from the JDBC request.
> This due to the fact that the cookies are not sent out with matching flags
> for SSL usage.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15576752#comment-15576752 ] Gopal V commented on HIVE-14966: Thanks [~taoli-hwx], I will change that too. > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15576740#comment-15576740 ] Tao Li commented on HIVE-14966: --- [~gopalv]] Thanks for the patch. Looks like the deprecated setting is referenced in org.apache.hive.minikdc.TestJdbcWithMiniKdcCookie.beforeTest(). Should we remove that as well? > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15576702#comment-15576702 ] Vaibhav Gumashta commented on HIVE-14966: - +1 Makes sense to me to use secure flag only when ssl is on (per https://tools.ietf.org/html/rfc6265#section-4.1.2). > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
