diff --git a/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java b/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java index 8b9da7a..c1ca62b 100644 --- a/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java +++ b/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java @@ -24,6 +24,7 @@ import java.net.Socket; import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; +import java.util.Locale; import java.util.Map; import javax.security.auth.callback.Callback; @@ -80,10 +81,35 @@ public Client createClient() { @Override public Client createClientWithConf(String authType) { - Configuration conf = new Configuration(); - conf.set(HADOOP_SECURITY_AUTHENTICATION, authType); - UserGroupInformation.setConfiguration(conf); - return new Client(); + UserGroupInformation ugi; + AuthenticationMethod authMethod; + try { + ugi = UserGroupInformation.getLoginUser(); + } catch(IOException e) { + throw new IllegalStateException("Unable to get current login user", e); + } + try { + // based on SecurityUtil.getAuthenticationMethod() + authMethod = Enum.valueOf(AuthenticationMethod.class, authType.toUpperCase(Locale.ENGLISH)); + } catch (IllegalArgumentException iae) { + throw new IllegalArgumentException("Invalid attribute value for " + + HADOOP_SECURITY_AUTHENTICATION + " of " + authType, iae); + } + // If the new current authentication type is equal to the one being set, do not + // create a new Configuration which would lose any other settings. This is required + // for oozie since it does not have a core-site.xml see HIVE-7682 + if (ugi.getAuthenticationMethod().equals(authMethod)) { + LOG.debug("Not setting UGI conf as passed-in authType of " + authType + " = current " + + "authType of " + ugi.getAuthenticationMethod()); + return new Client(); + } else { + LOG.debug("Setting UGI conf as passed-in authType of " + authType + " != current " + + "authType of " + ugi.getAuthenticationMethod()); + Configuration conf = new Configuration(); + conf.set(HADOOP_SECURITY_AUTHENTICATION, authType); + UserGroupInformation.setConfiguration(conf); + return new Client(); + } } @Override