complete

apache · Oct 24, 2021 · ea7db79 · ea7db79
1 parent 11f409c
commit ea7db79
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 14 deletions.
diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
@@ -122,7 +122,7 @@ You can configure the Kyuubi properties in `$KYUUBI_HOME/conf/kyuubi-defaults.co
 
 Key | Default | Meaning | Type | Since
 --- | --- | --- | --- | ---
-kyuubi\.authentication|<div style='width: 65pt;word-wrap: break-word;white-space: normal'>NONE</div>|<div style='width: 170pt;word-wrap: break-word;white-space: normal'>A comma separated list of client authentication types.<ul> <li>NOSASL: raw transport.</li> <li>NONE: no authentication check.</li> <li>KERBEROS: Kerberos/GSSAPI authentication.</li> <li>CUSTOM: User-defined authentication.</li> <li>LDAP: Lightweight Directory Access Protocol authentication.</li></ul></div>|<div style='width: 30pt'>seq</div>|<div style='width: 20pt'>1.0.0</div>
+kyuubi\.authentication|<div style='width: 65pt;word-wrap: break-word;white-space: normal'>NONE</div>|<div style='width: 170pt;word-wrap: break-word;white-space: normal'>A comma separated list of client authentication types.<ul> <li>NOSASL: raw transport.</li> <li>NONE: no authentication check.</li> <li>KERBEROS: Kerberos/GSSAPI authentication.</li> <li>CUSTOM: User-defined authentication.</li> <li>LDAP: Lightweight Directory Access Protocol authentication.</li></ul> Note that: For KERBEROS, it is SASL/GSSAPI mechanism, and for NONE, CUSTOM and LDAP, they are all SASL/PLAIN mechanism. If only NOSASL is specified, the authentication will be NOSASL. For SASL authentication, KERBEROS and PLAIN auth type are supported at the same time, and only the first specified PLAIN auth type is valid.</div>|<div style='width: 30pt'>seq</div>|<div style='width: 20pt'>1.0.0</div>
 kyuubi\.authentication<br>\.custom\.class|<div style='width: 65pt;word-wrap: break-word;white-space: normal'>&lt;undefined&gt;</div>|<div style='width: 170pt;word-wrap: break-word;white-space: normal'>User-defined authentication implementation of org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider</div>|<div style='width: 30pt'>string</div>|<div style='width: 20pt'>1.3.0</div>
 kyuubi\.authentication<br>\.ldap\.base\.dn|<div style='width: 65pt;word-wrap: break-word;white-space: normal'>&lt;undefined&gt;</div>|<div style='width: 170pt;word-wrap: break-word;white-space: normal'>LDAP base DN.</div>|<div style='width: 30pt'>string</div>|<div style='width: 20pt'>1.0.0</div>
 kyuubi\.authentication<br>\.ldap\.domain|<div style='width: 65pt;word-wrap: break-word;white-space: normal'>&lt;undefined&gt;</div>|<div style='width: 170pt;word-wrap: break-word;white-space: normal'>LDAP domain.</div>|<div style='width: 30pt'>string</div>|<div style='width: 20pt'>1.0.0</div>

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -382,7 +382,8 @@ object KyuubiConf {
       " Note that: For KERBEROS, it is SASL/GSSAPI mechanism," +
       " and for NONE, CUSTOM and LDAP, they are all SASL/PLAIN mechanism." +
       " If only NOSASL is specified, the authentication will be NOSASL." +
-      " For SASL authentication, KERBEROS and one PLAIN auth type are supported at the same time.")
+      " For SASL authentication, KERBEROS and PLAIN auth type are supported at the same time," +
+      " and only the first specified PLAIN auth type is valid.")
     .version("1.0.0")
     .stringConf
     .toSequence()

diff --git a/...cala/org/apache/kyuubi/service/authentication/CustomAuthenticationProviderImplSuite.scala b/...cala/org/apache/kyuubi/service/authentication/CustomAuthenticationProviderImplSuite.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.service.authentication
 
 import javax.security.sasl.AuthenticationException
 
-import org.apache.kyuubi.{KyuubiFunSuite, Utils}
+import org.apache.kyuubi.KyuubiFunSuite
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.service.authentication.AuthenticationProviderFactory.getAuthenticationProvider
 
@@ -38,6 +38,6 @@ class CustomAuthenticationProviderImplSuite extends KyuubiFunSuite {
     val e2 = intercept[AuthenticationException](p1.authenticate("test", "test"))
     assert(e2.getMessage.contains("Username or password is not valid!"))
 
-    p1.authenticate(Utils.currentUser, "password")
+    p1.authenticate("user", "password")
   }
 }
diff --git a/...scala/org/apache/kyuubi/service/authentication/UserDefineAuthenticationProviderImpl.scala b/...scala/org/apache/kyuubi/service/authentication/UserDefineAuthenticationProviderImpl.scala
@@ -19,13 +19,13 @@ package org.apache.kyuubi.service.authentication
 
 import javax.security.sasl.AuthenticationException
 
-import org.apache.kyuubi.{Logging, Utils}
+import org.apache.kyuubi.Logging
 
 class UserDefineAuthenticationProviderImpl()
   extends PasswdAuthenticationProvider with Logging {
 
   override def authenticate(user: String, password: String): Unit = {
-    if (user == Utils.currentUser && password == "password") {
+    if (user == "user" && password == "password") {
       info(s"Success log in of user: $user")
     } else {
       throw new AuthenticationException("Username or password is not valid!")

diff --git a/...yuubiOperationMultipleAuthTypeSuite.scala → ...iOperationKerberosAndPlainAuthSuite.scala b/...yuubiOperationMultipleAuthTypeSuite.scala → ...iOperationKerberosAndPlainAuthSuite.scala
@@ -26,8 +26,9 @@ import org.apache.kyuubi.{KerberizedTestHelper, WithKyuubiServer}
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.service.authentication.{UserDefineAuthenticationProviderImpl, WithLdapServer}
 
-class KyuubiOperationMultipleAuthTypeSuite extends
+class KyuubiOperationKerberosAndPlainAuthSuite extends
   WithKyuubiServer with KerberizedTestHelper with WithLdapServer with JDBCTestUtils {
+  private val customUser: String = "user"
   private val customPasswd: String = "password"
 
   override protected def jdbcUrl: String = getJdbcUrl
@@ -54,13 +55,13 @@ class KyuubiOperationMultipleAuthTypeSuite extends
     UserGroupInformation.setConfiguration(config)
     assert(UserGroupInformation.isSecurityEnabled)
 
-    KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "CUSTOM", "LDAP"))
+    KyuubiConf().set(KyuubiConf.AUTHENTICATION_METHOD, Seq("KERBEROS", "LDAP", "CUSTOM"))
       .set(KyuubiConf.SERVER_KEYTAB, testKeytab)
       .set(KyuubiConf.SERVER_PRINCIPAL, testPrincipal)
-      .set(KyuubiConf.AUTHENTICATION_CUSTOM_CLASS,
-        classOf[UserDefineAuthenticationProviderImpl].getCanonicalName)
       .set(KyuubiConf.AUTHENTICATION_LDAP_URL, ldapUrl)
       .set(KyuubiConf.AUTHENTICATION_LDAP_BASEDN, ldapBaseDn)
+      .set(KyuubiConf.AUTHENTICATION_CUSTOM_CLASS,
+        classOf[UserDefineAuthenticationProviderImpl].getCanonicalName)
   }
 
   test("test with KERBEROS authentication") {
@@ -75,8 +76,8 @@ class KyuubiOperationMultipleAuthTypeSuite extends
     }
   }
 
-  test("test with CUSTOM authentication") {
-    val conn = DriverManager.getConnection(jdbcUrlWithConf, user, customPasswd)
+  test("test with LDAP authentication") {
+    val conn = DriverManager.getConnection(jdbcUrlWithConf, ldapUser, ldapUserPasswd)
     try {
       val statement = conn.createStatement()
       val resultSet = statement.executeQuery("select engine_name()")
@@ -87,9 +88,9 @@ class KyuubiOperationMultipleAuthTypeSuite extends
     }
   }
 
-  test("only the first plain auth type is valid") {
+  test("only the first specified plain auth type is valid") {
     intercept[SQLException] {
-      val conn = DriverManager.getConnection(jdbcUrlWithConf, user, ldapUserPasswd)
+      val conn = DriverManager.getConnection(jdbcUrlWithConf, customUser, customPasswd)
       try {
         val statement = conn.createStatement()
         statement.executeQuery("select engine_name()")