diff --git a/jdbc/src/java/org/apache/hive/jdbc/HttpKerberosRequestInterceptor.java b/jdbc/src/java/org/apache/hive/jdbc/HttpKerberosRequestInterceptor.java index 1a613fb..f21f4d2 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/HttpKerberosRequestInterceptor.java +++ b/jdbc/src/java/org/apache/hive/jdbc/HttpKerberosRequestInterceptor.java @@ -1,24 +1,25 @@ /** -* Licensed to the Apache Software Foundation (ASF) under one -* or more contributor license agreements. See the NOTICE file -* distributed with this work for additional information -* regarding copyright ownership. The ASF licenses this file -* to you under the Apache License, Version 2.0 (the -* "License"); you may not use this file except in compliance -* with the License. You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.apache.hive.jdbc; import java.io.IOException; +import java.util.concurrent.locks.ReentrantLock; import org.apache.hive.service.auth.HttpAuthUtils; import org.apache.http.HttpException; @@ -27,39 +28,45 @@ import org.apache.http.protocol.HttpContext; /** -* -* Authentication interceptor which adds Base64 encoded payload, -* containing the username and kerberos service ticket, -* to the outgoing http request header. -* -*/ + * + * Authentication interceptor which adds Base64 encoded payload, + * containing the username and kerberos service ticket, + * to the outgoing http request header. + * + */ public class HttpKerberosRequestInterceptor implements HttpRequestInterceptor { -String principal; -String host; -String serverHttpUrl; + String principal; + String host; + String serverHttpUrl; -public HttpKerberosRequestInterceptor(String principal, String host, - String serverHttpUrl) { - this.principal = principal; - this.host = host; - this.serverHttpUrl = serverHttpUrl; -} + // A fair reentrant lock + private static ReentrantLock kerberosLock = new ReentrantLock(true); -@Override -public void process(HttpRequest httpRequest, HttpContext httpContext) - throws HttpException, IOException { - String kerberosAuthHeader; - try { - // Generate the service ticket for sending to the server. - kerberosAuthHeader = HttpAuthUtils.getKerberosServiceTicket( - principal, host, serverHttpUrl); - // Set the session key token (Base64 encoded) in the headers - httpRequest.addHeader(HttpAuthUtils.AUTHORIZATION + ": " + - HttpAuthUtils.NEGOTIATE + " ", kerberosAuthHeader); - } catch (Exception e) { - throw new HttpException(e.getMessage(), e); + public HttpKerberosRequestInterceptor(String principal, String host, + String serverHttpUrl) { + this.principal = principal; + this.host = host; + this.serverHttpUrl = serverHttpUrl; + } + + @Override + public void process(HttpRequest httpRequest, HttpContext httpContext) + throws HttpException, IOException { + String kerberosAuthHeader; + try { + // Generate the service ticket for sending to the server. + // Locking ensures the tokens are unique in case of concurrent requests + kerberosLock.lock(); + kerberosAuthHeader = HttpAuthUtils.getKerberosServiceTicket( + principal, host, serverHttpUrl); + kerberosLock.unlock(); + // Set the session key token (Base64 encoded) in the headers + httpRequest.addHeader(HttpAuthUtils.AUTHORIZATION + ": " + + HttpAuthUtils.NEGOTIATE + " ", kerberosAuthHeader); + } catch (Exception e) { + throw new HttpException(e.getMessage(), e); + } } -} }