PHOENIX-4533 Modified Query Server to use two sets of Kerberos credentials

Signed-off-by: Josh Elser <els...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo
Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/0132bf68
Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/0132bf68
Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/0132bf68

Branch: refs/heads/4.x-HBase-1.1
Commit: 0132bf684966dbffd08bfcd8ede5fc4f31d08ca5
Parents: add7dd0
Author: Lev Bronshtein <lbronsht...@bloomberg.net>
Authored: Wed Jan 31 22:37:50 2018 -0500
Committer: Josh Elser <els...@apache.org>
Committed: Fri May 25 15:16:41 2018 -0400

----------------------------------------------------------------------
 .../org/apache/phoenix/query/QueryServices.java    |  2 ++
 .../phoenix/queryserver/server/QueryServer.java    | 17 ++++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/phoenix/blob/0132bf68/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
----------------------------------------------------------------------
diff --git 
a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java 
b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
index bbd88f3..5e0a8f1 100644
--- a/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
+++ b/phoenix-core/src/main/java/org/apache/phoenix/query/QueryServices.java
@@ -237,7 +237,9 @@ public interface QueryServices extends SQLCloseable {
     public static final String QUERY_SERVER_ENV_LOGGING_ATTRIB = 
"phoenix.queryserver.envvars.logging.disabled";
     public static final String QUERY_SERVER_ENV_LOGGING_SKIPWORDS_ATTRIB = 
"phoenix.queryserver.envvars.logging.skipwords";
     public static final String QUERY_SERVER_KEYTAB_FILENAME_ATTRIB = 
"phoenix.queryserver.keytab.file";
+    public static final String QUERY_SERVER_HTTP_KEYTAB_FILENAME_ATTRIB = 
"phoenix.queryserver.http.keytab.file";
     public static final String QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB = 
"phoenix.queryserver.kerberos.principal";
+    public static final String QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB = 
"phoenix.queryserver.kerberos.http.principal";
     public static final String QUERY_SERVER_DNS_NAMESERVER_ATTRIB = 
"phoenix.queryserver.dns.nameserver";
     public static final String QUERY_SERVER_DNS_INTERFACE_ATTRIB = 
"phoenix.queryserver.dns.interface";
     public static final String QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB = 
"hbase.security.authentication";

http://git-wip-us.apache.org/repos/asf/phoenix/blob/0132bf68/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
----------------------------------------------------------------------
diff --git 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 288e4f5..6b1fcfe 100644
--- 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -244,6 +244,11 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
 
         String keytabPath = 
getConf().get(QueryServices.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB);
         File keytab = new File(keytabPath);
+        String httpKeytabPath = 
getConf().get(QueryServices.QUERY_SERVER_HTTP_KEYTAB_FILENAME_ATTRIB, null);
+        String httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB, null);
+        File httpKeytab = null;
+        if (null != httpKeytabPath)
+          httpKeytab = new File(httpKeytabPath);
 
         String realmsString = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_ALLOWED_REALMS, null);
         String[] additionalAllowedRealms = null;
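Review bot: The HTTP keytab path read here is wrapped in a `File` with no check that the value is non-blank or that the file is readable, so a mistyped `phoenix.queryserver.http.keytab.file` would presumably only surface later as a login failure inside `withAutomaticLogin`. A guard right after the assignment, such as `if (!httpKeytab.canRead()) { throw new IllegalArgumentException("HTTP keytab not readable: " + httpKeytabPath); }`, would make the misconfiguration visible at startup. The unbraced `if (null != httpKeytabPath)` should also get braces, since it guards the choice of credential. The enclosing method starts and ends outside this hunk, so how such an exception would be handled there is not visible.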
@@ -252,9 +257,15 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
         }
 
         // Enable SPNEGO and impersonation (through standard Hadoop 
configuration means)
-        builder.withSpnego(ugi.getUserName(), additionalAllowedRealms)
-            .withAutomaticLogin(keytab)
-            .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
+        if ((null != httpKeytabPath) && (null != httpPrincipal))
+          builder.withSpnego(httpPrincipal, additionalAllowedRealms)
+              .withAutomaticLogin(httpKeytab)
+              .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
+        else
+          builder.withSpnego(ugi.getUserName(), additionalAllowedRealms)
+              .withAutomaticLogin(keytab)
+              .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
+
 
       }
       setRemoteUserExtractorIfNecessary(builder, getConf());
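Review bot: When only one of the two new properties is set, the `else` branch silently falls back to `ugi.getUserName()` and the service keytab for SPNEGO, so an operator who meant to separate the HTTP credential from the HBase credential ends up running with the shared one and gets no signal. Rejecting the half-configured case before the branch closes that gap, e.g. `if ((null == httpKeytabPath) != (null == httpPrincipal)) { throw new IllegalArgumentException("Both " + QueryServices.QUERY_SERVER_HTTP_KEYTAB_FILENAME_ATTRIB + " and " + QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB + " must be set"); }`; at minimum the fallback should log a warning. The two branches differ only in principal and keytab, so selecting those two values first and making a single braced `builder.withSpnego(...)` call would remove the duplicated `withImpersonation` line. The enclosing method starts and ends outside the hunk.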
