commit 696993f6d75c297549b45b13e8e33968f8fdca04 Author: Denes Bodo Date: Thu Apr 4 15:30:49 2019 +0200 HIVE-21573 Binary transport shall ignore principal if auth is set to delegationToken Change-Id: Ie36594bf550ad6264285fcb184f26b78a717018e diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java index 4c7119f112..ec9c1932e5 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java +++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java @@ -685,23 +685,24 @@ private TTransport createBinaryTransport() throws SQLException, TTransportExcept saslProps.put(Sasl.QOP, "auth-conf,auth-int,auth"); } saslProps.put(Sasl.SERVER_AUTH, "true"); - if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)) { + String tokenStr = null; + if (JdbcConnectionParams.AUTH_TOKEN.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE))) { + // If there's a delegation token available then use token based connection + tokenStr = getClientDelegationToken(sessConfMap); + } + if (tokenStr != null) { + transport = KerberosSaslHelper.getTokenTransport(tokenStr, + host, socketTransport, saslProps); + } else if(sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)){ transport = KerberosSaslHelper.getKerberosTransport( - sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, - socketTransport, saslProps, assumeSubject); + sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, + socketTransport, saslProps, assumeSubject); } else { - // If there's a delegation token available then use token based connection - String tokenStr = getClientDelegationToken(sessConfMap); - if (tokenStr != null) { - transport = KerberosSaslHelper.getTokenTransport(tokenStr, - host, socketTransport, saslProps); - } else { - // we are using PLAIN Sasl connection with user/password - String userName = getUserName(); - String passwd = getPassword(); - // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL) - transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport); - } + // we are using PLAIN Sasl connection with user/password + String userName = getUserName(); + String passwd = getPassword(); + // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL) + transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport); } } else { // Raw socket connection (non-sasl)