Repository: hive Updated Branches: refs/heads/master b7e8d0c9c -> 5dfe23efa
HIVE-7443: Fix HiveConnection to communicate with Kerberized Hive JDBC server and alternative JDKs (Yu Gao & Aihua Xu, reviewed by Chaoyu Tang) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/5dfe23ef Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/5dfe23ef Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/5dfe23ef Branch: refs/heads/master Commit: 5dfe23efa964466585cdd50f26ccb054dd3a5859 Parents: b7e8d0c Author: Aihua Xu <aihu...@apache.org> Authored: Wed Jun 8 11:50:47 2016 -0400 Committer: Aihua Xu <aihu...@apache.org> Committed: Thu Jun 23 09:34:32 2016 -0400 ---------------------------------------------------------------------- .../hive/thrift/HadoopThriftAuthBridge.java | 30 ++++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/5dfe23ef/shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java ---------------------------------------------------------------------- diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java b/shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java index 86eb46d..d420d09 100644 --- a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java +++ b/shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java @@ -179,9 +179,9 @@ public abstract class HadoopThriftAuthBridge { public TTransport createClientTransport( String principalConfig, String host, - String methodStr, String tokenStrForm, TTransport underlyingTransport, - Map<String, String> saslProps) throws IOException { - AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr); + String methodStr, String tokenStrForm, final TTransport underlyingTransport, + final Map<String, String> saslProps) throws IOException { + final AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr); TTransport saslTransport = null; switch (method) { @@ -198,21 +198,27 @@ public abstract class HadoopThriftAuthBridge { case KERBEROS: String serverPrincipal = SecurityUtil.getServerPrincipal(principalConfig, host); - String names[] = SaslRpcServer.splitKerberosName(serverPrincipal); + final String names[] = SaslRpcServer.splitKerberosName(serverPrincipal); if (names.length != 3) { throw new IOException( "Kerberos principal name does NOT have the expected hostname part: " + serverPrincipal); } try { - saslTransport = new TSaslClientTransport( - method.getMechanismName(), - null, - names[0], names[1], - saslProps, null, - underlyingTransport); - return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser()); - } catch (SaslException se) { + return UserGroupInformation.getCurrentUser().doAs( + new PrivilegedExceptionAction<TUGIAssumingTransport>() { + @Override + public TUGIAssumingTransport run() throws IOException { + TTransport saslTransport = new TSaslClientTransport( + method.getMechanismName(), + null, + names[0], names[1], + saslProps, null, + underlyingTransport); + return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser()); + } + }); + } catch (InterruptedException | SaslException se) { throw new IOException("Could not instantiate SASL transport", se); }