[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16005264#comment-16005264 ] Thejas M Nair commented on HIVE-14966: -- Just for reference, this is also consistent with Hadoop's behavior - https://github.com/apache/hadoop/blob/release-2.7.1/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L501 https://github.com/apache/hadoop/blob/release-2.7.1/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L634 > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15579148#comment-15579148 ] Lefty Leverenz commented on HIVE-14966: --- Cool. Thanks Gopal. > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15579111#comment-15579111 ] Gopal V commented on HIVE-14966: Yes, [~leftylev] - with this patch the configuration disappears & leaves no ability for a user to misconfigure this. > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15579088#comment-15579088 ] Lefty Leverenz commented on HIVE-14966: --- Does this need to be documented in the wiki? If so, where? * [Setting Up HiveServer2 -- Running in HTTP Mode | https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-RunninginHTTPMode] * [HiveServer2 Clients -- Supporting Cookie Replay in HTTP Mode | https://cwiki.apache.org/confluence/display/Hive/HiveServer2+Clients#HiveServer2Clients-SupportingCookieReplayinHTTPMode] Adding a TODOC2.2 label because (at least) the wiki needs to be updated for the deprecation of *hive.server2.thrift.http.cookie.is.secure*. * [Configuration Properties -- hive.server2.thrift.http.cookie.is.secure | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.thrift.http.cookie.is.secure] > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.2.1, 2.1.0 >Reporter: Gopal V >Assignee: Gopal V > Labels: TODOC2.2 > Fix For: 2.2.0 > > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15577501#comment-15577501 ] Gopal V commented on HIVE-14966: Failed tests have been failing for a while & unrelated. Filed bugs for flaky tests HIVE-14973 HIVE-14974 HIVE-14975 HIVE-14976 HIVE-14977 HIVE-14978 > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15577483#comment-15577483 ] Hive QA commented on HIVE-14966: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12833463/HIVE-14966.2.patch {color:green}SUCCESS:{color} +1 due to 2 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 7 failed/errored test(s), 10564 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[acid_globallimit] org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[order_null] org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[union_fast_stats] org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJarWithoutAddDriverClazz[0] org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[0] org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[1] org.apache.hive.jdbc.authorization.TestJdbcWithSQLAuthorization.testBlackListedUdfUsage {noformat} Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1580/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1580/console Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-1580/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 7 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12833463 - PreCommit-HIVE-Build > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15577153#comment-15577153 ] Hive QA commented on HIVE-14966: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12833463/HIVE-14966.2.patch {color:green}SUCCESS:{color} +1 due to 2 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 7 failed/errored test(s), 10564 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[acid_globallimit] org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[order_null] org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[union_fast_stats] org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJarWithoutAddDriverClazz[0] org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[0] org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[1] org.apache.hive.jdbc.authorization.TestJdbcWithSQLAuthorization.testBlackListedUdfUsage {noformat} Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1575/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1575/console Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-1575/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 7 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12833463 - PreCommit-HIVE-Build > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15576752#comment-15576752 ] Gopal V commented on HIVE-14966: Thanks [~taoli-hwx], I will change that too. > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15576740#comment-15576740 ] Tao Li commented on HIVE-14966: --- [~gopalv]] Thanks for the patch. Looks like the deprecated setting is referenced in org.apache.hive.minikdc.TestJdbcWithMiniKdcCookie.beforeTest(). Should we remove that as well? > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
[ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15576702#comment-15576702 ] Vaibhav Gumashta commented on HIVE-14966: - +1 Makes sense to me to use secure flag only when ssl is on (per https://tools.ietf.org/html/rfc6265#section-4.1.2). > JDBC: Make cookie-auth work in HTTP mode > > > Key: HIVE-14966 > URL: https://issues.apache.org/jira/browse/HIVE-14966 > Project: Hive > Issue Type: Bug > Components: JDBC >Affects Versions: 1.3.0, 2.2.0 >Reporter: Gopal V >Assignee: Gopal V > Attachments: HIVE-14966.1.patch > > > HiveServer2 cookie-auth is non-functional and forces authentication to be > repeated for the status check loop, row fetch loop and the get logs loop. > The repeated auth in the fetch-loop is a performance issue, but is also > causing occasional DoS responses from the remote auth-backend if this is not > using local /etc/passwd. > The HTTP-Cookie auth once made functional will behave similarly to the binary > protocol, authenticating exactly once per JDBC session and not causing > further load on the authentication backend irrespective how many rows are > returned from the JDBC request. > This due to the fact that the cookies are not sent out with matching flags > for SSL usage. -- This message was sent by Atlassian JIRA (v6.3.4#6332)