bigtop-packages/src/common/hive/patch11-HIVE-24083-webhcat-compatible-hadoop334.diff - bigtop - Git at Google

 diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
 index d183b2e61b..441038bdd0 100644
 --- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
 +++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
 @@ -28,6 +28,8 @@
  import java.util.EnumSet;
  import java.util.HashMap;

 +import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 +import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.apache.commons.lang3.StringUtils;
 @@ -257,18 +259,31 @@ public FilterHolder makeXSRFFilter() {
    public FilterHolder makeAuthFilter() throws IOException {
      FilterHolder authFilter = new FilterHolder(AuthFilter.class);
      UserNameHandler.allowAnonymous(authFilter);
 +
 +    // compatible with Hadoop 3.3.x.
 +    // https://issues.apache.org/jira/browse/HIVE-24083
 +    String confPrefix = "dfs.web.authentication";
 +    String prefix = confPrefix + ".";
 +    authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
 +    authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
 +
      if (UserGroupInformation.isSecurityEnabled()) {
 +      authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
 +
        //http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
 -      authFilter.setInitParameter("dfs.web.authentication.signature.secret",
 -        conf.kerberosSecret());
 +      authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret());
 +
        //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
        String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0");
 -      authFilter.setInitParameter("dfs.web.authentication.kerberos.principal",
 -        serverPrincipal);
 +
 +      authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);
 +
        //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
 -      authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab",
 -        conf.kerberosKeytab());
 +      authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab());
 +    } else {
 +      authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
      }
 +
      return authFilter;
    }
	diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
	index d183b2e61b..441038bdd0 100644
	--- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
	+++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java
	@@ -28,6 +28,8 @@
	import java.util.EnumSet;
	import java.util.HashMap;

	+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
	+import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.apache.commons.lang3.StringUtils;
	@@ -257,18 +259,31 @@ public FilterHolder makeXSRFFilter() {
	public FilterHolder makeAuthFilter() throws IOException {
	FilterHolder authFilter = new FilterHolder(AuthFilter.class);
	UserNameHandler.allowAnonymous(authFilter);
	+
	+ // compatible with Hadoop 3.3.x.
	+ // https://issues.apache.org/jira/browse/HIVE-24083
	+ String confPrefix = "dfs.web.authentication";
	+ String prefix = confPrefix + ".";
	+ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
	+ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
	+
	if (UserGroupInformation.isSecurityEnabled()) {
	+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
	+
	//http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
	- authFilter.setInitParameter("dfs.web.authentication.signature.secret",
	- conf.kerberosSecret());
	+ authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret());
	+
	//https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
	String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0");
	- authFilter.setInitParameter("dfs.web.authentication.kerberos.principal",
	- serverPrincipal);
	+
	+ authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);
	+
	//http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
	- authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab",
	- conf.kerberosKeytab());
	+ authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab());
	+ } else {
	+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
	}
	+
	return authFilter;
	}