Example 1 with HiveConnection
use of org.apache.hive.jdbc.HiveConnection in project oozie by apache.
the class Hive2Credentials method updateCredentials.
@Override
public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props, Context context) throws Exception {
try {
// load the driver
Class.forName("org.apache.hive.jdbc.HiveDriver");
String url = props.getProperties().get(HIVE2_JDBC_URL);
if (url == null || url.isEmpty()) {
throw new CredentialException(ErrorCode.E0510, HIVE2_JDBC_URL + " is required to get hive server 2 credential");
}
String principal = props.getProperties().get(HIVE2_SERVER_PRINCIPAL);
if (principal == null || principal.isEmpty()) {
throw new CredentialException(ErrorCode.E0510, HIVE2_SERVER_PRINCIPAL + " is required to get hive server 2 credentials");
}
url = url + ";principal=" + principal;
Connection con = null;
String tokenStr = null;
try {
con = DriverManager.getConnection(url);
XLog.getLog(getClass()).debug("Connected successfully to " + url);
// get delegation token for the given proxy user
tokenStr = ((HiveConnection) con).getDelegationToken(config.get(USER_NAME), principal);
} finally {
if (con != null) {
con.close();
}
}
XLog.getLog(getClass()).debug("Got token");
Token<DelegationTokenIdentifier> hive2Token = new Token<DelegationTokenIdentifier>();
hive2Token.decodeFromUrlString(tokenStr);
credentials.addToken(CredentialsProviderFactory.getUniqueAlias(hive2Token), hive2Token);
XLog.getLog(getClass()).debug("Added the Hive Server 2 token to launcher's credential");
} catch (Exception e) {
XLog.getLog(getClass()).warn("Exception in obtaining Hive2 token", e);
throw e;
}
}
Also used :
DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)
Connection(java.sql.Connection)
HiveConnection(org.apache.hive.jdbc.HiveConnection)
Token(org.apache.hadoop.security.token.Token)
Example 2 with HiveConnection
use of org.apache.hive.jdbc.HiveConnection in project hive by apache.
the class TempletonControllerJob method buildHS2DelegationToken.
private String buildHS2DelegationToken(String user) throws IOException, InterruptedException, TException {
final HiveConf c = new HiveConf();
LOG.debug("Creating hiveserver2 delegation token for user " + user);
final UserGroupInformation ugi = UgiFactory.getUgi(user);
UserGroupInformation real = ugi.getRealUser();
return real.doAs(new PrivilegedExceptionAction<String>() {
@Override
public String run() throws IOException, TException, InterruptedException {
try {
Class.forName("org.apache.hive.jdbc.HiveDriver");
} catch (ClassNotFoundException e) {
throw new IOException(e);
}
String hs2Url = appConf.get(AppConfig.HIVE_SERVER2_URL);
final HiveConnection con;
try {
con = (HiveConnection) DriverManager.getConnection(hs2Url);
} catch (SQLException e) {
throw new IOException(e);
}
String token = ugi.doAs(new PrivilegedExceptionAction<String>() {
@Override
public String run() throws SQLException {
String u = ugi.getUserName();
return con.getDelegationToken(u, u);
}
});
return token;
}
});
}
Also used :
TException(org.apache.thrift.TException)
SQLException(java.sql.SQLException)
HiveConf(org.apache.hadoop.hive.conf.HiveConf)
IOException(java.io.IOException)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
HiveConnection(org.apache.hive.jdbc.HiveConnection)
Example 3 with HiveConnection
use of org.apache.hive.jdbc.HiveConnection in project hive by apache.
the class TestJdbcWithMiniKdc method testCancelRenewTokenFlow.
@Test
public void testCancelRenewTokenFlow() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
// retrieve token and store in the cache
String token = ((HiveConnection) hs2Conn).getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
assertTrue(token != null && !token.isEmpty());
Exception ex = null;
((HiveConnection) hs2Conn).cancelDelegationToken(token);
try {
((HiveConnection) hs2Conn).renewDelegationToken(token);
} catch (Exception SQLException) {
ex = SQLException;
}
assertTrue(ex != null && ex instanceof HiveSQLException);
// retrieve token and store in the cache
token = ((HiveConnection) hs2Conn).getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
assertTrue(token != null && !token.isEmpty());
hs2Conn.close();
}
Also used :
HiveSQLException(org.apache.hive.service.cli.HiveSQLException)
HiveSQLException(org.apache.hive.service.cli.HiveSQLException)
SQLException(java.sql.SQLException)
HiveConnection(org.apache.hive.jdbc.HiveConnection)
Test(org.junit.Test)
Example 4 with HiveConnection
use of org.apache.hive.jdbc.HiveConnection in project hive by apache.
the class TestJdbcWithMiniKdc method testRenewDelegationToken.
@Test
public void testRenewDelegationToken() throws Exception {
UserGroupInformation currentUGI = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
String currentUser = currentUGI.getUserName();
// retrieve token and store in the cache
String token = ((HiveConnection) hs2Conn).getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, miniHiveKdc.getFullyQualifiedServicePrincipal(MiniHiveKdc.HIVE_TEST_SUPER_USER));
assertTrue(token != null && !token.isEmpty());
((HiveConnection) hs2Conn).renewDelegationToken(token);
hs2Conn.close();
}
Also used :
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
HiveConnection(org.apache.hive.jdbc.HiveConnection)
Test(org.junit.Test)
Example 5 with HiveConnection
use of org.apache.hive.jdbc.HiveConnection in project hive by apache.
the class TestHttpSamlAuthentication method testTokenReuse.
/**
* Test make sure that a token which is issued for a different connection cannot be
* reused.
*/
@Test(expected = SQLException.class)
public void testTokenReuse() throws Exception {
setupIDP(true, USER_PASS_MODE, null, null);
String token = null;
try (HiveConnection connection = new TestHiveConnection(getSamlJdbcConnectionUrl(), new Properties(), USER1, USER1_PASSWORD)) {
token = connection.getBrowserClient().getServerResponse().getToken();
}
assertNotNull(token);
// inject the token using http.header url param
String bearerToken = "Bearer%20" + token;
String jdbcUrl = getSamlJdbcConnectionUrl(10) + ";http.header.Authorization=" + bearerToken;
try (HiveConnection connection = new HiveConnection(jdbcUrl, new Properties())) {
fail("User should not be able to login just using the token");
}
}
Also used :
Properties(java.util.Properties)
HiveConnection(org.apache.hive.jdbc.HiveConnection)
Test(org.junit.Test)
Aggregations
HiveConnection (org.apache.hive.jdbc.HiveConnection)12
Test (org.junit.Test)6
Statement (java.sql.Statement)5
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)5
SQLException (java.sql.SQLException)3
Properties (java.util.Properties)3
IOException (java.io.IOException)2
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2
Connection (java.sql.Connection)2
Field (java.lang.reflect.Field)1
ResultSet (java.sql.ResultSet)1
Configuration (org.apache.hadoop.conf.Configuration)1
DelegationTokenIdentifier (org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)1
HiveConf (org.apache.hadoop.hive.conf.HiveConf)1
MetaException (org.apache.hadoop.hive.metastore.api.MetaException)1
Token (org.apache.hadoop.security.token.Token)1
HiveSQLException (org.apache.hive.service.cli.HiveSQLException)1
CookieStore (org.apache.http.client.CookieStore)1
HttpClient (org.apache.http.client.HttpClient)1
TException (org.apache.thrift.TException)1
