Closed
0dc75fe
implement JDBC Authentication Method
bowenliang123 Aug 15, 2022
0e7f0ad
refactor config and init process.remove unused import.
bowenliang123 Aug 15, 2022
996f796
add unit test in JdbcAuthenticationProviderImplSuite
bowenliang123 Aug 15, 2022
49c18c2
update
bowenliang123 Aug 15, 2022
df4be56
update code style
bowenliang123 Aug 15, 2022
7025330
fix derby startup error in test
bowenliang123 Aug 15, 2022
46cc1dd
add config docs in docs/deployment/settings.md
bowenliang123 Aug 15, 2022
15176b2
fix import orders
bowenliang123 Aug 15, 2022
cd2c7c2
update settings.md config doc
bowenliang123 Aug 15, 2022
1dc4187
update settings.md config doc
bowenliang123 Aug 15, 2022
575301c
update options usage
bowenliang123 Aug 15, 2022
30974d1
update format
bowenliang123 Aug 15, 2022
3672919
fix ddl statement and remove truncate statement in test
bowenliang123 Aug 16, 2022
cdec206
more test cases
bowenliang123 Aug 16, 2022
653bc12
add more checks for query sql
bowenliang123 Aug 16, 2022
aeb19ce
update doc
bowenliang123 Aug 16, 2022
b9ffac3
Merge branch 'master' into feature-jdbc-auth-provider
bowenliang123 Aug 16, 2022
9885f81
add JDBC condition for getValidPasswordAuthMethod
bowenliang123 Aug 16, 2022
4ebe12e
add JDBC value to AuthTypes enum
bowenliang123 Aug 16, 2022
1c956df
update KyuubiAuthenticationFactorySuite
bowenliang123 Aug 16, 2022
5a0ac49
output password length only in checkConfigs
bowenliang123 Aug 16, 2022
3a4d5fe
update checkConfigs() signature
bowenliang123 Aug 16, 2022
a4fe582
refactor connection creation on using HikariDataSource in HikariCP. a…
bowenliang123 Aug 16, 2022
543c66c
prefer scala style string usage
bowenliang123 Aug 16, 2022
6765aff
changed to use in-memory derby db for test
bowenliang123 Aug 16, 2022
77f5f86
remove unuseful comment
bowenliang123 Aug 16, 2022
a9404fa
use {} for intercept
bowenliang123 Aug 16, 2022
6fc42bf
code styling
bowenliang123 Aug 16, 2022
e9af096
use clone instead of repeatly generating configs
bowenliang123 Aug 16, 2022
d5f43e0
remove unuseful logs for unrecognized placeholder error
bowenliang123 Aug 16, 2022
17403b3
cleanup docs
bowenliang123 Aug 17, 2022
add more checks for query sql
bowenliang123 committed Aug 16, 2022
commit 653bc1261318f56edcd42dc09d8643a56ca277f6
Original file line number Diff line number Diff line change
Expand Up @@ -63,14 +63,7 @@ class JdbcAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat

checkConfigs

// Load Driver Class
try {
Class.forName(dbDriver.get)
} catch {
case e: ClassNotFoundException =>
error(s"Driver class not found: $dbDriver")
throw e;
}
loadJdbcDriverClass

var connection: Connection = null
var queryStatement: PreparedStatement = null
Expand Down Expand Up @@ -127,9 +120,27 @@ class JdbcAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
if (querySql.isEmpty) {
throw new IllegalArgumentException("Query SQL is not configured")
}
if (!querySql.get.trim.toLowerCase.startsWith("select")) { // only allow select query sql
val querySqlInLowerCase = querySql.get.trim.toLowerCase
if (!querySqlInLowerCase.startsWith("select")) { // allow select query sql only
throw new IllegalArgumentException("Query SQL must start with \"SELECT\"");
}
if (!querySqlInLowerCase.contains("where")) {
warn("Query SQL does not contains \"WHERE\" keyword");
}
if (!querySqlInLowerCase.contains("${username}")) {
warn("Query SQL does not contains \"${username}\" placeholder");
}
}

private def loadJdbcDriverClass: Unit = {
// Load Driver Class
try {
Class.forName(dbDriver.get)
} catch {
case e: ClassNotFoundException =>
error(s"JDBC Driver class not found: $dbDriver")
throw e;
}
}

/**
Expand Down Expand Up @@ -164,9 +175,9 @@ class JdbcAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
* @return
*/
private def getAndPrepareStatement(
connection: Connection,
user: String,
password: String): PreparedStatement = {
connection: Connection,
user: String,
password: String): PreparedStatement = {
// Replace placeholders by "?" and prepare the statement
val stmt = connection.prepareStatement(getPreparedSql(querySql.get))

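Review bot: A query that lacks the `${username}` placeholder is only logged with `warn(...)` in checkConfigs and the provider carries on, so a misconfigured query such as a bare `SELECT 1 FROM user_auth` is accepted; if any returned row counts as a successful login (the result handling is outside these hunks), that fails open for every user. Treat the missing placeholder as a configuration error, like the SELECT check just above it: `throw new IllegalArgumentException("Query SQL must contain \"${username}\" placeholder")`. The `startsWith("select")` and `contains("where")` tests are substring heuristics rather than a safety boundary, so the database account configured for this connection should still be limited to read access on the auth table. Both warning messages should read "does not contain". checkConfigs begins above the hunk.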
Original file line number Diff line number Diff line change
Expand Up @@ -81,19 +81,6 @@ class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
}
}

def genJdbcAuthConfigs: KyuubiConf = {
conf = new KyuubiConf()
conf.set(AUTHENTICATION_JDBC_DRIVER, "org.apache.derby.jdbc.AutoloadedDriver")
conf.set(AUTHENTICATION_JDBC_URL, jdbcUrl)
conf.set(AUTHENTICATION_JDBC_USERNAME, dbUser)
conf.set(AUTHENTICATION_JDBC_PASSWORD, dbPasswd)
conf.set(
AUTHENTICATION_JDBC_QUERY,
"SELECT 1 FROM user_auth " +
" WHERE username=${username} and passwd=${password}")
conf
}

test("authenticate tests") {
var providerImpl = new JdbcAuthenticationProviderImpl(conf)

Expand Down Expand Up @@ -133,8 +120,10 @@ class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
val e8 = intercept[IllegalArgumentException](providerImpl.authenticate(authUser, authPasswd))
assert(e8.getMessage.contains("Query SQL is not configured"))

conf.set(AUTHENTICATION_JDBC_QUERY, "INSERT INTO user_auth (username, password) " +
" VALUES ('demouser','demopassword'); ")
conf.set(
AUTHENTICATION_JDBC_QUERY,
"INSERT INTO user_auth (username, password) " +
" VALUES ('demouser','demopassword'); ")
providerImpl = new JdbcAuthenticationProviderImpl(conf)
val e9 = intercept[IllegalArgumentException](providerImpl.authenticate(authUser, authPasswd))
assert(e9.getMessage.contains("Query SQL must start with \"SELECT\""))
Expand All @@ -144,4 +133,17 @@ class JdbcAuthenticationProviderImplSuite extends KyuubiFunSuite {
val e10 = intercept[IllegalArgumentException](providerImpl.authenticate(authUser, authPasswd))
assert(e10.getMessage.contains("JDBC url is not configured"))
}

private def genJdbcAuthConfigs: KyuubiConf = {
conf = new KyuubiConf()
conf.set(AUTHENTICATION_JDBC_DRIVER, "org.apache.derby.jdbc.AutoloadedDriver")
conf.set(AUTHENTICATION_JDBC_URL, jdbcUrl)
conf.set(AUTHENTICATION_JDBC_USERNAME, dbUser)
conf.set(AUTHENTICATION_JDBC_PASSWORD, dbPasswd)
conf.set(
AUTHENTICATION_JDBC_QUERY,
"SELECT 1 FROM user_auth " +
" WHERE username=${username} and passwd=${password}")
conf
}
}
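Review bot: The suite covers the rejected INSERT statement but has no case for a SELECT without the `${username}` placeholder or without a WHERE clause, which are the conditions checkConfigs starts inspecting in this commit. For an authentication provider that is the configuration worth pinning: add a case that sets `conf.set(AUTHENTICATION_JDBC_QUERY, "SELECT 1 FROM user_auth")`, builds a new provider and asserts that `providerImpl.authenticate(authUser, authPasswd)` does not succeed. The enclosing test body starts and ends outside the hunks shown. `genJdbcAuthConfigs` also reassigns the suite-level `conf`, so as a side-effecting method it would read better declared as `private def genJdbcAuthConfigs(): KyuubiConf`.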