
Example 1 with SaslQOP

use of org.apache.hive.service.auth.SaslQOP in project hive by apache.

the class HiveConnection method createBinaryTransport.

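/**
 * Creates the binary-mode Thrift transport according to the session's connection options.
 *
 * <p>The base socket comes from {@code createUnderlyingTransport()}. Unless the configured
 * auth type is {@code AUTH_SIMPLE}, a SASL layer is placed on top of it, chosen in this order:
 * <ol>
 *   <li>Kerberos, when {@code AUTH_PRINCIPAL} is present in the session configuration;</li>
 *   <li>delegation token, when {@code getClientDelegationToken} returns a non-null token;</li>
 *   <li>SASL PLAIN with user name and password otherwise.</li>
 * </ol>
 * With {@code AUTH_SIMPLE} the raw socket transport is used without any SASL layer.
 *
 * <p><b>SASL QOP.</b> Only the Kerberos and delegation-token transports receive the SASL
 * properties built here. When {@code AUTH_QOP} is not set, the client offers
 * {@code "auth-conf,auth-int,auth"}, so negotiation may settle on {@code auth}, which gives
 * authentication only and no SASL integrity or confidentiality protection. Deployments that
 * require protection of the data stream should set {@code AUTH_QOP} explicitly.
 *
 * <p><b>PLAIN.</b> The PLAIN helper is called without the SASL properties, so no QOP applies
 * on that path; the password is protected on the wire only if the underlying transport is
 * SSL (presumably decided by {@code createUnderlyingTransport()}, which is not shown here).
 *
 * @return the transport stored in the {@code transport} field
 * @throws SQLException if {@code AUTH_QOP} has an invalid value (SQLState 42000) or the SASL
 *     layer cannot be created (SQLState 08S01)
 * @throws TTransportException declared for the transport helpers called here
 */
private TTransport createBinaryTransport() throws SQLException, TTransportException {
    try {
        TTransport socketTransport = createUnderlyingTransport();
        // handle secure connection if specified
        if (!JdbcConnectionParams.AUTH_SIMPLE.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE))) {
            // SASL properties; consumed by the Kerberos and delegation-token paths only
            Map<String, String> saslProps = new HashMap<String, String>();
            SaslQOP saslQOP = SaslQOP.AUTH;
            if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_QOP)) {
                try {
                    saslQOP = SaslQOP.fromString(sessConfMap.get(JdbcConnectionParams.AUTH_QOP));
                } catch (IllegalArgumentException e) {
                    throw new SQLException("Invalid " + JdbcConnectionParams.AUTH_QOP + " parameter. " + e.getMessage(), "42000", e);
                }
                // Client pinned a single QOP: offer exactly that level and nothing weaker
                saslProps.put(Sasl.QOP, saslQOP.toString());
            } else {
                // If the client did not specify qop then just negotiate the one supported by server.
                // The offer includes plain "auth", so the result may carry no integrity or
                // confidentiality protection.
                saslProps.put(Sasl.QOP, "auth-conf,auth-int,auth");
            }
            // Require the server to authenticate itself to the client (mutual authentication)
            saslProps.put(Sasl.SERVER_AUTH, "true");
            if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)) {
                // Kerberos: a server principal was supplied
                transport = KerberosSaslHelper.getKerberosTransport(sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, socketTransport, saslProps, assumeSubject);
            } else {
                // If there's a delegation token available then use token based connection
                String tokenStr = getClientDelegationToken(sessConfMap);
                if (tokenStr != null) {
                    transport = KerberosSaslHelper.getTokenTransport(tokenStr, host, socketTransport, saslProps);
                } else {
                    // we are using PLAIN Sasl connection with user/password
                    String userName = getUserName();
                    String passwd = getPassword();
                    // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL).
                    // saslProps is not passed here, so the QOP settings above do not apply; on a
                    // non-SSL base transport the credentials are not protected in transit.
                    transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport);
                }
            }
        } else {
            // Raw socket connection (non-sasl)
            transport = socketTransport;
        }
    } catch (SaslException e) {
        // SQLState is a five-character code; the stray leading space (" 08S01") would defeat
        // any caller comparing getSQLState() against "08S01"
        throw new SQLException("Could not create secure connection to " + jdbcUriString + ": " + e.getMessage(), "08S01", e);
    }
    return transport;
}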
Also used : HashMap(java.util.HashMap) SQLException(java.sql.SQLException) SaslQOP(org.apache.hive.service.auth.SaslQOP) TTransport(org.apache.thrift.transport.TTransport) SaslException(javax.security.sasl.SaslException)
