diff --git a/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java b/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java index 82093fa..07e8c9a 100644 --- a/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java +++ b/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java @@ -62,7 +62,7 @@ public static String getKerberosServiceTicket(String principal, String host, Str String serverPrincipal = getServerPrincipal(principal, host); // Uses the Ticket Granting Ticket in the UserGroupInformation return clientUGI.doAs( - new HttpKerberosClientAction(serverPrincipal, clientUGI.getShortUserName(), serverHttpUrl)); + new HttpKerberosClientAction(serverPrincipal, clientUGI.getUserName(), serverHttpUrl)); } /** diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index 99ef8bc..312d05e 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -32,6 +32,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.hive.service.auth.AuthenticationProviderFactory; import org.apache.hive.service.auth.AuthenticationProviderFactory.AuthMethods; import org.apache.hive.service.auth.HiveAuthFactory; @@ -219,7 +220,7 @@ public String run() throws HttpAuthenticationException { "provided by the client."); } else { - return getPrincipalWithoutRealm(gssContext.getSrcName().toString()); + return getPrincipalWithoutRealmAndHost(gssContext.getSrcName().toString()); } } catch (GSSException e) { @@ -237,8 +238,19 @@ public String run() throws HttpAuthenticationException { } private String getPrincipalWithoutRealm(String fullPrincipal) { - String names[] = fullPrincipal.split("[@]"); - return names[0]; + KerberosName fullKerberosName = new KerberosName(fullPrincipal); + String serviceName = fullKerberosName.getServiceName(); + String hostName = fullKerberosName.getHostName(); + String principalWithoutRealm = serviceName; + if (hostName != null) { + principalWithoutRealm = serviceName + "/" + hostName; + } + return principalWithoutRealm; + } + + private String getPrincipalWithoutRealmAndHost(String fullPrincipal) { + KerberosName fullKerberosName = new KerberosName(fullPrincipal); + return fullKerberosName.getServiceName(); } }