Example 6 with TTransport
use of org.apache.thrift.transport.TTransport in project hive by apache.
the class HiveConnection method createUnderlyingTransport.
/**
* Create underlying SSL or non-SSL transport
*
* @return TTransport
* @throws TTransportException
*/
private TTransport createUnderlyingTransport() throws TTransportException {
TTransport transport = null;
// if dynamic service discovery is configured.
if (isSslConnection()) {
// get SSL socket
String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
String sslTrustStorePassword = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
if (sslTrustStore == null || sslTrustStore.isEmpty()) {
transport = HiveAuthUtils.getSSLSocket(host, port, loginTimeout);
} else {
transport = HiveAuthUtils.getSSLSocket(host, port, loginTimeout, sslTrustStore, sslTrustStorePassword);
}
} else {
// get non-SSL socket transport
transport = HiveAuthUtils.getSocketTransport(host, port, loginTimeout);
}
return transport;
}
Also used :
TTransport(org.apache.thrift.transport.TTransport)
Example 7 with TTransport
use of org.apache.thrift.transport.TTransport in project hive by apache.
the class HiveConnection method createBinaryTransport.
/**
* Create transport per the connection options
* Supported transport options are:
* - SASL based transports over
* + Kerberos
* + Delegation token
* + SSL
* + non-SSL
* - Raw (non-SASL) socket
*
* Kerberos and Delegation token supports SASL QOP configurations
* @throws SQLException, TTransportException
*/
private TTransport createBinaryTransport() throws SQLException, TTransportException {
try {
TTransport socketTransport = createUnderlyingTransport();
// handle secure connection if specified
if (!JdbcConnectionParams.AUTH_SIMPLE.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE))) {
// If Kerberos
Map<String, String> saslProps = new HashMap<String, String>();
SaslQOP saslQOP = SaslQOP.AUTH;
if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_QOP)) {
try {
saslQOP = SaslQOP.fromString(sessConfMap.get(JdbcConnectionParams.AUTH_QOP));
} catch (IllegalArgumentException e) {
throw new SQLException("Invalid " + JdbcConnectionParams.AUTH_QOP + " parameter. " + e.getMessage(), "42000", e);
}
saslProps.put(Sasl.QOP, saslQOP.toString());
} else {
// If the client did not specify qop then just negotiate the one supported by server
saslProps.put(Sasl.QOP, "auth-conf,auth-int,auth");
}
saslProps.put(Sasl.SERVER_AUTH, "true");
if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)) {
transport = KerberosSaslHelper.getKerberosTransport(sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, socketTransport, saslProps, assumeSubject);
} else {
// If there's a delegation token available then use token based connection
String tokenStr = getClientDelegationToken(sessConfMap);
if (tokenStr != null) {
transport = KerberosSaslHelper.getTokenTransport(tokenStr, host, socketTransport, saslProps);
} else {
// we are using PLAIN Sasl connection with user/password
String userName = getUserName();
String passwd = getPassword();
// Overlay the SASL transport on top of the base socket transport (SSL or non-SSL)
transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport);
}
}
} else {
// Raw socket connection (non-sasl)
transport = socketTransport;
}
} catch (SaslException e) {
throw new SQLException("Could not create secure connection to " + jdbcUriString + ": " + e.getMessage(), " 08S01", e);
}
return transport;
}
Also used :
HashMap(java.util.HashMap)
SQLException(java.sql.SQLException)
SaslQOP(org.apache.hive.service.auth.SaslQOP)
TTransport(org.apache.thrift.transport.TTransport)
SaslException(javax.security.sasl.SaslException)
Example 8 with TTransport
use of org.apache.thrift.transport.TTransport in project hive by apache.
the class TestThriftHttpCLIServiceFeatures method testIncorrectHttpPath.
/**
* Configure a wrong service endpoint for the client transport,
* and test for error.
* @throws Exception
*/
@Test
public void testIncorrectHttpPath() throws Exception {
thriftHttpPath = "wrongPath";
TTransport transport = getHttpTransport();
TCLIService.Client httpClient = getClient(transport);
// This will throw an expected exception since
// client is communicating with the wrong http service endpoint
testOpenSessionExpectedException(httpClient);
// Reset to correct http path
thriftHttpPath = "cliservice";
}
Also used :
TTransport(org.apache.thrift.transport.TTransport)
TCLIService(org.apache.hive.service.rpc.thrift.TCLIService)
Test(org.junit.Test)
Example 9 with TTransport
use of org.apache.thrift.transport.TTransport in project hive by apache.
the class TestThriftHttpCLIServiceFeatures method verifyForwardedHeaders.
private void verifyForwardedHeaders(ArrayList<String> headerIPs, String cmd) throws Exception {
TTransport transport;
DefaultHttpClient hClient = new DefaultHttpClient();
String httpUrl = getHttpUrl();
// add an interceptor that adds the X-Forwarded-For header with given ips
if (!headerIPs.isEmpty()) {
Header xForwardHeader = new BasicHeader("X-Forwarded-For", Joiner.on(",").join(headerIPs));
RequestDefaultHeaders headerInterceptor = new RequestDefaultHeaders(Arrays.asList(xForwardHeader));
hClient.addRequestInterceptor(headerInterceptor);
}
// interceptor for adding username, pwd
HttpBasicAuthInterceptor authInt = new HttpBasicAuthInterceptor(ThriftCLIServiceTest.USERNAME, ThriftCLIServiceTest.PASSWORD, null, null, false, null);
hClient.addRequestInterceptor(authInt);
transport = new THttpClient(httpUrl, hClient);
TCLIService.Client httpClient = getClient(transport);
// Create a new open session request object
TOpenSessionReq openReq = new TOpenSessionReq();
TOpenSessionResp openResp = httpClient.OpenSession(openReq);
//execute a query
TExecuteStatementReq execReq = new TExecuteStatementReq(openResp.getSessionHandle(), "show tables");
httpClient.ExecuteStatement(execReq);
// capture arguments to authorizer impl call and verify ip addresses passed
ArgumentCaptor<HiveAuthzContext> contextCapturer = ArgumentCaptor.forClass(HiveAuthzContext.class);
verify(mockedAuthorizer).checkPrivileges(any(HiveOperationType.class), Matchers.anyListOf(HivePrivilegeObject.class), Matchers.anyListOf(HivePrivilegeObject.class), contextCapturer.capture());
HiveAuthzContext context = contextCapturer.getValue();
System.err.println("Forwarded IP Addresses " + context.getForwardedAddresses());
List<String> auditIPAddresses = new ArrayList<String>(context.getForwardedAddresses());
Collections.sort(auditIPAddresses);
Collections.sort(headerIPs);
Assert.assertEquals("Checking forwarded IP Address", headerIPs, auditIPAddresses);
}
Also used :
RequestDefaultHeaders(org.apache.http.client.protocol.RequestDefaultHeaders)
HiveAuthzContext(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext)
ArrayList(java.util.ArrayList)
THttpClient(org.apache.thrift.transport.THttpClient)
TExecuteStatementReq(org.apache.hive.service.rpc.thrift.TExecuteStatementReq)
HiveOperationType(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType)
HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)
DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient)
TCLIService(org.apache.hive.service.rpc.thrift.TCLIService)
Header(org.apache.http.Header)
BasicHeader(org.apache.http.message.BasicHeader)
TTransport(org.apache.thrift.transport.TTransport)
TOpenSessionReq(org.apache.hive.service.rpc.thrift.TOpenSessionReq)
TOpenSessionResp(org.apache.hive.service.rpc.thrift.TOpenSessionResp)
BasicHeader(org.apache.http.message.BasicHeader)
HttpBasicAuthInterceptor(org.apache.hive.jdbc.HttpBasicAuthInterceptor)
Example 10 with TTransport
use of org.apache.thrift.transport.TTransport in project storm by apache.
the class TBackoffConnect method doConnectWithRetry.
public TTransport doConnectWithRetry(ITransportPlugin transportPlugin, TTransport underlyingTransport, String host, String asUser) throws IOException {
boolean connected = false;
TTransport transportResult = null;
while (!connected) {
try {
transportResult = transportPlugin.connect(underlyingTransport, host, asUser);
connected = true;
} catch (TTransportException ex) {
retryNext(ex);
}
}
return transportResult;
}
Also used :
TTransportException(org.apache.thrift.transport.TTransportException)
TTransport(org.apache.thrift.transport.TTransport)
Aggregations
TTransport (org.apache.thrift.transport.TTransport)81
TSocket (org.apache.thrift.transport.TSocket)29
TBinaryProtocol (org.apache.thrift.protocol.TBinaryProtocol)28
TProtocol (org.apache.thrift.protocol.TProtocol)28
TFramedTransport (org.apache.thrift.transport.TFramedTransport)20
TTransportException (org.apache.thrift.transport.TTransportException)18
Test (org.junit.Test)18
TException (org.apache.thrift.TException)14
IOException (java.io.IOException)11
TIOStreamTransport (org.apache.thrift.transport.TIOStreamTransport)8
ArrayList (java.util.ArrayList)7
Socket (java.net.Socket)5
TCLIService (org.apache.hive.service.rpc.thrift.TCLIService)4
TSaslClientTransport (org.apache.thrift.transport.TSaslClientTransport)4
ChannelBuffer (com.alibaba.dubbo.remoting.buffer.ChannelBuffer)3
Request (com.alibaba.dubbo.remoting.exchange.Request)3
Demo (com.alibaba.dubbo.rpc.gen.thrift.Demo)3
SocketFieldAccessor (com.navercorp.pinpoint.plugin.thrift.field.accessor.SocketFieldAccessor)3
InetSocketAddress (java.net.InetSocketAddress)3
HashMap (java.util.HashMap)3
