diff --git itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java index a30ec7e..0405ff3 100644 --- itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java +++ itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java @@ -41,26 +41,48 @@ public static void tearDown() throws Exception { } /** - * Verify that delegation token manager is started with no exception + * Verify that delegation token manager is started with no exception for MemoryTokenStore * @throws Exception */ @Test - public void testStartTokenManager() throws Exception { + public void testStartTokenManagerForMemoryTokenStore() throws Exception { hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, HiveAuthFactory.AuthTypes.KERBEROS.getAuthName()); String principalName = miniHiveKdc.getFullHiveServicePrincipal(); System.out.println("Principal: " + principalName); - + + hiveConf.setVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL, principalName); + String keyTabFile = miniHiveKdc.getKeyTabFile(miniHiveKdc.getHiveServicePrincipal()); + System.out.println("keyTabFile: " + keyTabFile); + Assert.assertNotNull(keyTabFile); + hiveConf.setVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB, keyTabFile); + + HiveAuthFactory authFactory = new HiveAuthFactory(hiveConf); + Assert.assertNotNull(authFactory); + Assert.assertEquals("org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory", + authFactory.getAuthTransFactory().getClass().getName()); + } + + /** + * Verify that delegation token manager is started with no exception for DBTokenStore + * @throws Exception + */ + @Test + public void testStartTokenManagerForDBTokenStore() throws Exception { + hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, HiveAuthFactory.AuthTypes.KERBEROS.getAuthName()); + String principalName = miniHiveKdc.getFullHiveServicePrincipal(); + System.out.println("Principal: " + principalName); + hiveConf.setVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL, principalName); String keyTabFile = miniHiveKdc.getKeyTabFile(miniHiveKdc.getHiveServicePrincipal()); System.out.println("keyTabFile: " + keyTabFile); Assert.assertNotNull(keyTabFile); hiveConf.setVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB, keyTabFile); - System.out.println("rawStoreClassName =" + hiveConf.getVar(ConfVars.METASTORE_RAW_STORE_IMPL)); + hiveConf.setVar(ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS, "org.apache.hadoop.hive.thrift.DBTokenStore"); HiveAuthFactory authFactory = new HiveAuthFactory(hiveConf); Assert.assertNotNull(authFactory); - Assert.assertEquals("org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory", + Assert.assertEquals("org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory", authFactory.getAuthTransFactory().getClass().getName()); } } diff --git service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java index 22c309f..1e6ac4f 100644 --- service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java +++ service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java @@ -37,6 +37,7 @@ import org.apache.hadoop.hive.metastore.api.MetaException; import org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim; import org.apache.hadoop.hive.shims.ShimLoader; +import org.apache.hadoop.hive.thrift.DBTokenStore; import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge; import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server.ServerMode; import org.apache.hadoop.security.SecurityUtil; @@ -110,9 +111,17 @@ public HiveAuthFactory(HiveConf conf) throws TTransportException { conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL)); // start delegation token manager try { - HMSHandler baseHandler = new HiveMetaStore.HMSHandler( - "new db based metaserver", conf, true); - saslServer.startDelegationTokenSecretManager(conf, baseHandler.getMS(), ServerMode.HIVESERVER2); + // rawStore is only necessary for DBTokenStore + Object rawStore = null; + String tokenStoreClass = conf.getVar(HiveConf.ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS); + + if (tokenStoreClass.equals(DBTokenStore.class.getName())) { + HMSHandler baseHandler = new HiveMetaStore.HMSHandler( + "new db based metaserver", conf, true); + rawStore = baseHandler.getMS(); + } + + saslServer.startDelegationTokenSecretManager(conf, rawStore, ServerMode.HIVESERVER2); } catch (MetaException|IOException e) { throw new TTransportException("Failed to start token manager", e);