0018 package org.apache.hive.service.auth;
0019
0020 import java.util.Hashtable;
0021 import javax.naming.Context;
0022 import javax.naming.NamingException;
0023 import javax.naming.directory.InitialDirContext;
0024 import javax.security.sasl.AuthenticationException;
0025
0026 import org.apache.hadoop.hive.conf.HiveConf;
0027 import org.apache.hive.service.ServiceUtils;
0028
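/**
 * Password authentication provider that validates credentials by attempting an LDAP
 * "simple" bind against the directory server configured for HiveServer2.
 *
 * <p>Authentication succeeds when the bind succeeds; no search or group lookup is done.
 * The user name comes from the connecting client and is therefore untrusted: it is
 * escaped before being placed into a distinguished name.
 */
public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider {

  /** JNDI provider URL of the directory server (HIVE_SERVER2_PLAIN_LDAP_URL). */
  private final String ldapURL;
  /** Optional base DN; when set, the bind DN is {@code uid=<user>,<baseDN>}. */
  private final String baseDN;
  /** Optional domain appended as {@code @domain} to user names that carry none. */
  private final String ldapDomain;

  /** Reads the LDAP URL, base DN and domain from a freshly created {@link HiveConf}. */
  LdapAuthenticationProviderImpl() {
    HiveConf conf = new HiveConf();
    ldapURL = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
    baseDN = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
    ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);
  }

  /**
   * Validates the given credentials with an LDAP simple bind.
   *
   * @param user login name supplied by the client; qualified with the configured domain
   *     when it has none
   * @param password password supplied by the client; must be non-empty and must not start
   *     with a NUL character
   * @throws AuthenticationException if the user name or password is missing or blank, or
   *     if the directory rejects the bind or cannot be reached
   */
  @Override
  public void Authenticate(String user, String password) throws AuthenticationException {
    // An empty principal can be handled by a directory server as an anonymous bind,
    // which would "succeed" without proving any identity. Reject it up front.
    if (user == null || user.isEmpty()) {
      throw new AuthenticationException("Error validating LDAP user:"
          + " a null or blank user name has been provided");
    }

    // A blank (or NUL-leading) password turns a simple bind into an unauthenticated bind
    // that many servers accept. The check is on the character, not on platform-charset
    // bytes, so the result does not depend on the JVM's default encoding.
    if (password == null || password.isEmpty() || password.charAt(0) == '\0') {
      throw new AuthenticationException("Error validating LDAP user:"
          + " a null or blank password has been provided");
    }

    // Qualify the user with the configured domain when none is present.
    if (!hasDomain(user) && ldapDomain != null) {
      user = user + "@" + ldapDomain;
    }

    // Without a base DN the (possibly domain-qualified) user name is the principal as-is.
    // With a base DN the user name becomes an RDN value and must be escaped, otherwise
    // characters such as ',' '+' or '=' would let the client alter the DN structure.
    String bindDN;
    if (baseDN == null) {
      bindDN = user;
    } else {
      bindDN = "uid=" + javax.naming.ldap.Rdn.escapeValue(user) + "," + baseDN;
    }

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapURL);
    // NOTE(review): "simple" sends the password to the server as-is; confidentiality
    // depends on ldapURL pointing at a TLS-protected endpoint (ldaps://) - confirm in
    // deployment configuration.
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, bindDN);
    env.put(Context.SECURITY_CREDENTIALS, password);

    try {
      // Creating the context performs the bind; a successful bind is the proof of identity.
      Context ctx = new InitialDirContext(env);
      ctx.close();
    } catch (NamingException e) {
      // Keep the cause for diagnostics; the message carries no credential material.
      throw new AuthenticationException("Error validating LDAP user", e);
    }
  }

  /**
   * Reports whether the user name already carries a domain part, as decided by
   * {@code ServiceUtils.indexOfDomainMatch} returning a positive index.
   */
  private boolean hasDomain(String userName) {
    return (ServiceUtils.indexOfDomainMatch(userName) > 0);
  }
}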