| diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java |
| index d183b2e61b..441038bdd0 100644 |
| --- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java |
| +++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java |
| @@ -28,6 +28,8 @@ |
| import java.util.EnumSet; |
| import java.util.HashMap; |
| |
| +import org.apache.hadoop.security.authentication.server.AuthenticationFilter; |
| +import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| import org.apache.commons.lang3.StringUtils; |
| @@ -257,18 +259,31 @@ public FilterHolder makeXSRFFilter() { |
| public FilterHolder makeAuthFilter() throws IOException { |
| FilterHolder authFilter = new FilterHolder(AuthFilter.class); |
| UserNameHandler.allowAnonymous(authFilter); |
| + |
| + // compatible with Hadoop 3.3.x. |
| + // https://issues.apache.org/jira/browse/HIVE-24083 |
| + String confPrefix = "dfs.web.authentication"; |
| + String prefix = confPrefix + "."; |
| + authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix); |
| + authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/"); |
| + |
| if (UserGroupInformation.isSecurityEnabled()) { |
| + authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE); |
| + |
| //http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html |
| - authFilter.setInitParameter("dfs.web.authentication.signature.secret", |
| - conf.kerberosSecret()); |
| + authFilter.setInitParameter(prefix + AuthenticationFilter.SIGNATURE_SECRET, conf.kerberosSecret()); |
| + |
| //https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml |
| String serverPrincipal = SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), "0.0.0.0"); |
| - authFilter.setInitParameter("dfs.web.authentication.kerberos.principal", |
| - serverPrincipal); |
| + |
| + authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal); |
| + |
| //http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml |
| - authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab", |
| - conf.kerberosKeytab()); |
| + authFilter.setInitParameter(prefix + KerberosAuthenticationHandler.KEYTAB, conf.kerberosKeytab()); |
| + } else { |
| + authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.TYPE); |
| } |
| + |
| return authFilter; |
| } |
| |