BIGTOP-3778: Fix Hive3.1.3 WebHCat service compatible issue with Hadoop3.3.x (#983)
* BIGTOP-3778: Fix Hive3.1.3 WebHCat service compatible issue with Hadoop3.3.x
Co-authored-by: wuzhiguo <datakun-open@startdt.com>
diff --git a/bigtop-packages/src/common/hive/patch11-HIVE-24083-webhcat-compatible-hadoop334.diff b/bigtop-packages/src/common/hive/patch11-HIVE-24083-webhcat-compatible-hadoop334.diff
new file mode 100644
index 0000000..162a1f1
--- /dev/null
+++ b/bigtop-packages/src/common/hive/patch11-HIVE-24083-webhcat-compatible-hadoop334.diff
@@ -0,0 +1,51 @@
+diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
+index d183b2e61b..441038bdd0 100644
+--- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
++++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
+@@ -28,6 +28,8 @@
+ import java.util.EnumSet;
+ import java.util.HashMap;
+
++import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
++import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
+ import org.slf4j.Logger;
+ import org.slf4j.LoggerFactory;
+ import org.apache.commons.lang3.StringUtils;
+@@ -257,18 +259,31 @@ public FilterHolder makeXSRFFilter() {
+ public FilterHolder makeAuthFilter() throws IOException {
+ FilterHolder authFilter = new FilterHolder(AuthFilter.class);
+ UserNameHandler.allowAnonymous(authFilter);
++
++ // compatible with Hadoop 3.3.x.
++ // https://issues.apache.org/jira/browse/HIVE-24083
++ String confPrefix = "dfs.web.authentication";
++ String prefix = confPrefix + ".";
++ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
++ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
++
+ if (UserGroupInformation.isSecurityEnabled()) {
++ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
++
+ //http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
+- authFilter.setInitParameter("dfs.web.authentication.signature.secret",
+- conf.kerberosSecret());
++ authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret());
++
+ //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
+ String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0");
+- authFilter.setInitParameter("dfs.web.authentication.kerberos.principal",
+- serverPrincipal);
++
++ authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);
++
+ //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
+- authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab",
+- conf.kerberosKeytab());
++ authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab());
++ } else {
++ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
+ }
++
+ return authFilter;
+ }
+
