diff --git a/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftHttpCLIService.java b/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftHttpCLIService.java
index 57fda94..43f92a3 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftHttpCLIService.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftHttpCLIService.java
@@ -24,7 +24,6 @@
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hive.jdbc.HttpBasicAuthInterceptor;
import org.apache.hive.service.auth.HiveAuthFactory.AuthTypes;
-import org.apache.hive.service.server.HiveServer2;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransport;
@@ -170,40 +169,6 @@ public void testIncorrectHttpPath() throws Exception {
}
}
-
- private void testWithAuthMode(AuthTypes authType) throws Exception {
- // Stop and restart HiveServer2 in given incorrect auth mode
- stopHiveServer2();
- hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, authType.toString());
- hiveServer2 = new HiveServer2();
- // HiveServer2 in Http mode will not start using KERBEROS/LDAP/CUSTOM auth types
- startHiveServer2WithConf(hiveConf);
-
- // This will throw an expected exception since Http server is not running
- testOpenSessionExpectedException();
-
- // Stop and restart back with the original config
- stopHiveServer2();
- hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, AuthTypes.NOSASL.toString());
- hiveServer2 = new HiveServer2();
- startHiveServer2WithConf(hiveConf);
- }
-
- @Test
- public void testKerberosMode() throws Exception {
- testWithAuthMode(AuthTypes.KERBEROS);
- }
-
- @Test
- public void testLDAPMode() throws Exception {
- testWithAuthMode(AuthTypes.LDAP);
- }
-
- @Test
- public void testCustomMode() throws Exception {
- testWithAuthMode(AuthTypes.CUSTOM);
- }
-
private static TTransport createHttpTransport() throws Exception {
DefaultHttpClient httpClient = new DefaultHttpClient();
String httpUrl = transportMode + "://" + host + ":" + port +
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
index f909c96..466c20d 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
@@ -46,7 +46,6 @@
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
-import javax.net.ssl.SSLContext;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
@@ -68,10 +67,9 @@
import org.apache.hive.service.cli.thrift.TProtocolVersion;
import org.apache.hive.service.cli.thrift.TSessionHandle;
import org.apache.http.HttpRequestInterceptor;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLContexts;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.thrift.TException;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.transport.THttpClient;
@@ -190,8 +188,25 @@ private void openTransport() throws SQLException {
}
}
+ private String getServerHttpUrl(boolean useSsl) {
+ // Create the http/https url
+ // JDBC driver will set up an https url if ssl is enabled, otherwise http
+ String schemeName = useSsl ? "https" : "http";
+ // http path should begin with "/"
+ String httpPath;
+ httpPath = hiveConfMap.get(
+ HiveConf.ConfVars.HIVE_SERVER2_THRIFT_HTTP_PATH.varname);
+ if(httpPath == null) {
+ httpPath = "/";
+ }
+ else if(!httpPath.startsWith("/")) {
+ httpPath = "/" + httpPath;
+ }
+ return schemeName + "://" + host + ":" + port + httpPath;
+ }
+
private TTransport createHttpTransport() throws SQLException {
- CloseableHttpClient httpClient;
+ DefaultHttpClient httpClient;
boolean useSsl = isSslConnection();
@@ -215,24 +230,10 @@ private TTransport createHttpTransport() throws SQLException {
return transport;
}
- private String getServerHttpUrl(boolean useSsl) {
- // Create the http/https url
- // JDBC driver will set up an https url if ssl is enabled, otherwise http
- String schemeName = useSsl ? "https" : "http";
- // http path should begin with "/"
- String httpPath;
- httpPath = hiveConfMap.get(
- HiveConf.ConfVars.HIVE_SERVER2_THRIFT_HTTP_PATH.varname);
- if(httpPath == null) {
- httpPath = "/";
- }
- else if(!httpPath.startsWith("/")) {
- httpPath = "/" + httpPath;
- }
- return schemeName + "://" + host + ":" + port + httpPath;
- }
+ private DefaultHttpClient getHttpClient(Boolean useSsl) throws SQLException {
+ DefaultHttpClient httpClient = new DefaultHttpClient();
+ HttpRequestInterceptor requestInterceptor;
- private CloseableHttpClient getHttpClient(Boolean useSsl) throws SQLException {
// If Kerberos
if (isKerberosAuthMode()) {
try {
@@ -248,10 +249,9 @@ private CloseableHttpClient getHttpClient(Boolean useSsl) throws SQLException {
*/
String kerberosAuthHeader = HttpAuthUtils.doKerberosAuth(
sessConfMap.get(HIVE_AUTH_PRINCIPAL), host, getServerHttpUrl(false));
- HttpKerberosRequestInterceptor kerberosInterceptor =
- new HttpKerberosRequestInterceptor(kerberosAuthHeader);
- return HttpClients.custom().addInterceptorFirst(kerberosInterceptor).build();
- } catch (Exception e) {
+ requestInterceptor = new HttpKerberosRequestInterceptor(kerberosAuthHeader);
+ }
+ catch (Exception e) {
String msg = "Could not create a kerberized http connection to " +
jdbcURI + ". " + e.getMessage();
throw new SQLException(msg, " 08S01", e);
@@ -259,45 +259,43 @@ private CloseableHttpClient getHttpClient(Boolean useSsl) throws SQLException {
}
else {
/**
- * Add an interceptor to pass username/password in the header,
- * for basic preemtive http authentication at the server.
+ * Add an interceptor to pass username/password in the header.
* In https mode, the entire information is encrypted
*/
- HttpRequestInterceptor authInterceptor = new HttpBasicAuthInterceptor(
- getUserName(), getPassword());
+ requestInterceptor = new HttpBasicAuthInterceptor(getUserName(), getPassword());
+ // Configure httpClient for SSL
if (useSsl) {
String sslTrustStorePath = sessConfMap.get(HIVE_SSL_TRUST_STORE);
String sslTrustStorePassword = sessConfMap.get(
HIVE_SSL_TRUST_STORE_PASSWORD);
KeyStore sslTrustStore;
- SSLContext sslContext;
- if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
- // Create a default client context based on standard JSSE trust material
- sslContext = SSLContexts.createDefault();
- } else {
- // Pick trust store config from the given path
- try {
+ SSLSocketFactory socketFactory;
+
+ try {
+ if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
+ // Create a default socket factory based on standard JSSE trust material
+ socketFactory = SSLSocketFactory.getSocketFactory();
+ }
+ else {
+ // Pick trust store config from the given path
sslTrustStore = KeyStore.getInstance(HIVE_SSL_TRUST_STORE_TYPE);
sslTrustStore.load(new FileInputStream(sslTrustStorePath),
sslTrustStorePassword.toCharArray());
- sslContext = SSLContexts.custom().loadTrustMaterial(
- sslTrustStore).build();
- }
- catch (Exception e) {
- String msg = "Could not create an https connection to " +
- jdbcURI + ". " + e.getMessage();
- throw new SQLException(msg, " 08S01", e);
+ socketFactory = new SSLSocketFactory(sslTrustStore);
}
+ socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ Scheme sslScheme = new Scheme("https", 443, socketFactory);
+ httpClient.getConnectionManager().getSchemeRegistry().register(sslScheme);
+ }
+ catch (Exception e) {
+ String msg = "Could not create an https connection to " +
+ jdbcURI + ". " + e.getMessage();
+ throw new SQLException(msg, " 08S01", e);
}
- return HttpClients.custom().setHostnameVerifier(
- SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER).setSslcontext(
- sslContext).addInterceptorFirst(authInterceptor).build();
- }
- else {
- // Create a plain http client
- return HttpClients.custom().addInterceptorFirst(authInterceptor).build();
}
}
+ httpClient.addRequestInterceptor(requestInterceptor);
+ return httpClient;
}
private TTransport createBinaryTransport() throws SQLException {
diff --git a/pom.xml b/pom.xml
index 0669728..34b3114 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,8 +102,8 @@
0.96.0-hadoop1
0.96.0-hadoop2
- 4.3.2
- 4.3.1
+ 4.2.5
+ 4.2.5
1.9.2
0.3.2
5.5.1
diff --git a/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java b/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
index a5d21de..346338f 100644
--- a/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
+++ b/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
@@ -53,7 +53,7 @@
public static final String BASIC = "Basic";
public static final String NEGOTIATE = "Negotiate";
- private static class HttpCLIServiceProcessorFactory extends TProcessorFactory {
+ public static class HttpCLIServiceProcessorFactory extends TProcessorFactory {
private final ThriftCLIService service;
private final HiveConf hiveConf;
private final boolean isDoAsEnabled;
diff --git a/service/src/java/org/apache/hive/service/cli/CLIService.java b/service/src/java/org/apache/hive/service/cli/CLIService.java
index 67f4410..6654f04 100644
--- a/service/src/java/org/apache/hive/service/cli/CLIService.java
+++ b/service/src/java/org/apache/hive/service/cli/CLIService.java
@@ -92,8 +92,8 @@ public synchronized void init(HiveConf hiveConf) {
} catch (LoginException e) {
throw new ServiceException("Unable to login to kerberos with given principal/keytab", e);
}
- super.init(hiveConf);
}
+ super.init(hiveConf);
}
public UserGroupInformation getServiceUGI() {
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
index cb01cfd..dacd941 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
@@ -99,7 +99,6 @@ public void run() {
hiveAuthFactory = new HiveAuthFactory();
TProcessorFactory processorFactory = hiveAuthFactory.getAuthProcFactory(this);
TProcessor processor = processorFactory.getProcessor(null);
-
TProtocolFactory protocolFactory = new TBinaryProtocol.Factory();
TServlet thriftHttpServlet = new ThriftHttpServlet(processor, protocolFactory,
authType, serviceUGI);
diff --git a/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java b/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java
index 3b24d4e..21dc63b 100644
--- a/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java
+++ b/service/src/test/org/apache/hive/service/cli/thrift/ThriftCLIServiceTest.java
@@ -23,23 +23,9 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import java.io.IOException;
-import java.util.Collection;
-
-import javax.security.auth.login.LoginException;
-
import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.metastore.MetaStoreUtils;
-import org.apache.hadoop.hive.ql.ErrorMsg;
-import org.apache.hive.service.Service;
-import org.apache.hive.service.auth.HiveAuthFactory;
import org.apache.hive.service.auth.PlainSaslHelper;
-import org.apache.hive.service.cli.CLIService;
-import org.apache.hive.service.cli.HiveSQLException;
-import org.apache.hive.service.cli.SessionHandle;
-import org.apache.hive.service.cli.session.HiveSession;
-import org.apache.hive.service.cli.session.SessionManager;
import org.apache.hive.service.server.HiveServer2;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
@@ -271,7 +257,7 @@ public void testExecuteStatementAsync() throws Exception {
// Execute a malformed query
// This query will give a runtime error
- queryString = "CREATE TABLE NON_EXISTING_TAB (ID STRING) location 'hdfs://fooNN:10000/a/b/c'";
+ queryString = "CREATE TABLE NON_EXISTING_TAB (ID STRING) location 'hdfs://localhost:10000/a/b/c'";
System.out.println("Will attempt to execute: " + queryString);
execResp = executeQuery(queryString, sessHandle, true);
operationHandle = execResp.getOperationHandle();
@@ -338,46 +324,6 @@ protected void testOpenSessionExpectedException() {
}
/**
- * Test setting {@link HiveConf.ConfVars}} config parameter
- * HIVE_SERVER2_ENABLE_DOAS for kerberos secure mode
- * @throws IOException
- * @throws LoginException
- * @throws HiveSQLException
- */
- @Test
- public void testDoAs() throws HiveSQLException, LoginException, IOException {
- HiveConf hconf = new HiveConf();
- assertTrue("default value of hive server2 doAs should be true",
- hconf.getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS));
-
- hconf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION,
- HiveAuthFactory.AuthTypes.KERBEROS.toString());
-
- CLIService cliService = new CLIService();
- cliService.init(hconf);
- ThriftCLIService tcliService = new ThriftBinaryCLIService(cliService);
- TOpenSessionReq req = new TOpenSessionReq();
- TOpenSessionResp res = new TOpenSessionResp();
- req.setUsername("testuser1");
- SessionHandle sHandle = tcliService.getSessionHandle(req, res);
- SessionManager sManager = getSessionManager(cliService.getServices());
- HiveSession session = sManager.getSession(sHandle);
-
- //Proxy class for doing doAs on all calls is used when doAs is enabled
- // and kerberos security is on
- assertTrue("check if session class is a proxy", session instanceof java.lang.reflect.Proxy);
- }
-
- private SessionManager getSessionManager(Collection services) {
- for(Service s : services){
- if(s instanceof SessionManager){
- return (SessionManager)s;
- }
- }
- return null;
- }
-
- /**
* @throws java.lang.Exception
*/
@Before