Simple user/password authentication for HiveServer2 (no Kerberos/LDAP)… here is a solution to the problem.
Simple user/password authentication for HiveServer2 (no Kerberos/LDAP)
How do I provide simple properties file or database user/password authentication for HiveServer2?
I’ve found this introduction to this, but it’s not in English :(.
About Cloudera reference manual They talk about the hive.server2.authentication property.
It supports the CUSTOM
implementation of interface hive.server2.custom.authentication.
How to achieve this?
Solution
Essentially, you must provide a Java application that can perform authentication. Maybe you’re licensing a mysql or postgres database or flat files, etc. You need to provide a jar that implements the org.apache.hive.service.auth.PasswdAuthenticationProvider interface.
A simple example:
package org.apache.hive.service.auth.PasswdAuthenticationProvider.SampleAuth;
import java.util.Hashtable;
import javax.security.sasl.AuthenticationException;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
/*
javac -cp $HIVE_HOME/lib/hive-service-0.12.0-cdh5.0.0-beta-2.jar SampleAuthenticator.java -d .
jar cf sampleauth.jar hive
cp sampleauth.jar $HIVE_HOME/lib/.
*/
public class SampleAuthenticator implements PasswdAuthenticationProvider {
Hashtable<String, String> store = null;
public SampleAuthenticator () {
store = new Hashtable<String, String>();
store.put("user1", "passwd1");
store.put("user2", "passwd2");
}
@Override
public void Authenticate(String user, String password)
throws AuthenticationException {
String storedPasswd = store.get(user);
if (storedPasswd != null && storedPasswd.equals(password))
return;
throw new AuthenticationException("SampleAuthenticator: Error validating user");
}
}
Then in hive-site.xml, use your newly created custom authentication jar:
<property>
<name>hive.server2.authentication</name>
<value>CUSTOM</value>
</property>
<property>
<name>hive.server2.custom.authentication.class</name>
<value>org.apache.hive.service.auth.PasswdAuthenticationProvider.SampleAuth</value>
</property>