Using Kerberos with Pre-Authenticated Subject:
With the current approach to Kerberos, you need a valid Kerberos ticket in the ticket cache before connecting. This entails a static login (using kinit, a keytab or the ticket cache) and restricts each client to one Kerberos user. These restrictions limit its use in multi-user scenarios and in scenarios where the client wants to log in to the Kerberos KDC programmatically. Using proxy users (see https://issues.apache.org/jira/browse/HIVE-5155) is one way to mitigate the problem in multi-user scenarios. The other way is to use a pre-authenticated Subject (see https://issues.apache.org/jira/browse/HIVE-6486). In this method, the Hive JDBC client uses a pre-authenticated Kerberos Subject to authenticate to HiveServer2. To use a pre-authenticated Subject you will need the following changes.
+ Add hive-exec*.jar to the classpath in addition to the regular Hive JDBC jars (commons-configuration-1.6.jar and hadoop-core*.jar are not required).
+ Add the auth=kerberos and kerberosAuthType=fromSubject JDBC URL properties in addition to the "principal" URL property.
+ Open the connection in Subject.doAs().
The following code snippet illustrates the usage (refer to https://issues.apache.org/jira/browse/HIVE-6486 for the complete test case):
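    import java.security.PrivilegedExceptionAction;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import javax.security.auth.Subject;

    // HiveServer2 JDBC driver class; the snippet references JDBC_DRIVER, so it is defined here.
    static final String JDBC_DRIVER = "org.apache.hive.jdbc.HiveDriver";

    static Connection getConnection(Subject signedOnUserSubject) throws Exception {
        // Open the connection inside doAs() so the driver authenticates with the
        // Kerberos credentials held by this Subject rather than the ticket cache.
        return Subject.doAs(signedOnUserSubject, new PrivilegedExceptionAction<Connection>() {
            public Connection run() throws Exception {
                String JDBC_DB_URL = "jdbc:hive2://HiveHost:10000/default;"
                    + "principal=hive/localhost.localdomain@EXAMPLE.COM;"
                    + "auth=kerberos;kerberosAuthType=fromSubject";
                // Let driver-loading and connection failures propagate to the caller
                // instead of printing a stack trace and returning a null connection.
                Class.forName(JDBC_DRIVER);
                return DriverManager.getConnection(JDBC_DB_URL);
            }
        });
    }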
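One way to obtain the Subject that is passed to getConnection() above is a programmatic JAAS login from a keytab using the JDK's Krb5LoginModule. This is an added example, not code from this page or from the HIVE-6486 test case; the class name, method name, JAAS application name "hive-jdbc-client", and the principal and keytab path supplied by the caller are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KerberosSubjectLogin {   // hypothetical helper class

    /** Logs in to the KDC from a keytab and returns the authenticated Subject. */
    static Subject loginFromKeytab(final String principal, final String keytabPath)
            throws LoginException {
        final Map<String, String> options = new HashMap<String, String>();
        options.put("useKeyTab", "true");
        options.put("keyTab", keytabPath);
        options.put("principal", principal);
        options.put("storeKey", "true");
        options.put("doNotPrompt", "true");      // fail rather than prompt for a password
        options.put("useTicketCache", "false");  // never fall back to a shared ticket cache
        options.put("refreshKrb5Config", "true");

        // In-memory JAAS configuration, so no external jaas.conf file is required.
        Configuration jaasConfig = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED, options)
                };
            }
        };

        // "hive-jdbc-client" is an assumed application name; jaasConfig answers for any name.
        LoginContext context = new LoginContext("hive-jdbc-client", null, null, jaasConfig);
        context.login();  // throws LoginException if the keytab or principal is rejected
        Subject subject = context.getSubject();
        // Refuse to hand back a Subject that carries no Kerberos ticket.
        if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
            throw new LoginException("No Kerberos ticket obtained for " + principal);
        }
        return subject;
    }
}
```

Each end user gets a separate Subject from its own login, so several Kerberos users can share one client JVM. Keep the keytab readable only by the account that runs the client.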