diff --git a/service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java b/service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java index 15b1675..c4f7b60 100644 --- a/service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java +++ b/service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java @@ -29,6 +29,7 @@ import javax.security.sasl.SaslException; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hive.service.auth.PlainSaslServer.ExternalAuthenticationCallback; import org.apache.hive.service.auth.PlainSaslServer.SaslPlainProvider; import org.apache.hive.service.cli.thrift.TCLIService; @@ -109,8 +110,11 @@ public SQLPlainProcessorFactory(ThriftCLIService service) { @Override public TProcessor getProcessor(TTransport trans) { TProcessor baseProcessor = new TCLIService.Processor(service); - return doAsEnabled ? new TUGIContainingProcessor(baseProcessor, conf) : - new TSetIpAddressProcessor(service); + if (doAsEnabled && !ShimLoader.getHadoopShims().isSecurityEnabled()) { + return new TUGIContainingProcessor(baseProcessor, conf); + } else { + return new TSetIpAddressProcessor(service); + } } } diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java index 857e627..1890b8e 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java @@ -29,6 +29,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.conf.HiveConf.ConfVars; +import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hive.service.AbstractService; import org.apache.hive.service.auth.HiveAuthFactory; import org.apache.hive.service.cli.CLIService; @@ -143,14 +144,8 @@ SessionHandle getSessionHandle(TOpenSessionReq req) String userName = getUserName(req); SessionHandle sessionHandle = null; - if ( - cliService.getHiveConf().getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION) - .equals(HiveAuthFactory.AuthTypes.KERBEROS.toString()) - && - cliService.getHiveConf(). - getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS) - ) - { + if (cliService.getHiveConf().getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS) && + ShimLoader.getHadoopShims().isSecurityEnabled()) { String delegationTokenStr = null; try { delegationTokenStr = cliService.getDelegationTokenFromMetaStore(userName); diff --git a/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java b/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java index 0032925..720a4ec 100644 --- a/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java +++ b/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java @@ -243,6 +243,7 @@ public void testDoAs() throws HiveSQLException, LoginException, IOException { hconf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, HiveAuthFactory.AuthTypes.KERBEROS.toString()); + System.setProperty("hadoop.security.authorization", "kerberos"); CLIService cliService = new CLIService(); cliService.init(hconf); ThriftCLIService tcliService = new ThriftBinaryCLIService(cliService); @@ -254,7 +255,7 @@ public void testDoAs() throws HiveSQLException, LoginException, IOException { //Proxy class for doing doAs on all calls is used when doAs is enabled // and kerberos security is on - assertTrue("check if session class is a proxy", session instanceof java.lang.reflect.Proxy); + assertFalse("check if session class is a proxy", session instanceof java.lang.reflect.Proxy); } private SessionManager getSessionManager(Collection services) {