| commit | c3a9192347b4354337a906838499ff25236d63bc | [log] [tgz] |
|---|---|---|
| author | Josh Elser <elserj@apache.org> | Thu Dec 31 23:28:15 2020 -0500 |
| committer | Josh Elser <josh.elser@gmail.com> | Fri Oct 29 13:08:50 2021 -0400 |
| tree | 0b6740ae952927211d6830f4a0a2b6f4626d5600 | |
| parent | 95c1eb06ecb9dbc85de6d12142b013271965c594 [diff] |
[CALCITE-4152] Upgrade Avatica to use the configurable SPNEGO Jetty implementation
Jetty has deprecated the previously-used version of SPNEGO login code.
This change requires a few other changes to adopt:
1. Removal of automatic server login via JAAS (Jetty removed this and
expects explicit logins for the server).
2. Separation of Authentication and Authorization (we're required to
use a LoginService for authz to use the new SPNEGO authentication).
For the benefit of making this change, we automatically inherit the
Jetty Session logic which can skip SPNEGO authentication for the 2nd
to Nth call to Avatica. For a "workload" which previously took N HTTP calls
to Avatica to perform, this can now be done in (N/2)+1 HTTP calls
which, for average Avatica calls, results in a nearly 2x speed-up.
Jetty Sessions will cause a JSESSIONID cookie to be sent back on the
successful SPNEGO authentication handshake. As long as the client
resubmits this cookie for subsequent requests, the identity of the
client is kept intact.
To test this more easily, this change also includes updates to the
Avatica StandaloneServer, which more easily enables setup of Avatica
against any database (e.g. hsqldb with the SCOTT dataset).
Apache Calcite's Avatica is a framework for building database drivers.
Avatica is a sub-project of Apache Calcite.
For more details, see the home page.
Release notes for all published versions are available on the history page.