in server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java [915:987]
private AvaticaServerConfiguration buildSpnegoConfiguration(Builder b) {
final String principal = b.kerberosPrincipal;
final int separatorIndex = principal.indexOf('/');
if (separatorIndex < 1) {
throw new RuntimeException("Expected principal to be of the form primary/instance"
+ " but got " + principal);
}
final String primary = principal.substring(0, separatorIndex);
final int atSignIndex = principal.indexOf('@');
final String instance;
// Trim off the @REALM if it's present
if (atSignIndex == -1) {
instance = principal.substring(separatorIndex + 1);
} else {
instance = principal.substring(separatorIndex + 1, atSignIndex);
}
final String realm = b.kerberosRealm;
final File keytab = b.keytab;
final String[] additionalAllowedRealms = b.loginServiceAllowedRoles;
final DoAsRemoteUserCallback callback = b.remoteUserCallback;
final RemoteUserExtractor remoteUserExtractor = b.remoteUserExtractor;
return new AvaticaServerConfiguration() {
@Override public AuthenticationType getAuthenticationType() {
return AuthenticationType.SPNEGO;
}
@Override public String getKerberosRealm() {
return realm;
}
@Override public String getKerberosPrincipal() {
return principal;
}
@Override public String getKerberosServiceName() {
return primary;
}
@Override public String getKerberosHostName() {
return instance;
}
@Override public File getKerberosKeytab() {
return keytab;
}
@Override public boolean supportsImpersonation() {
return null != callback;
}
@Override public <T> T doAsRemoteUser(String remoteUserName, String remoteAddress,
Callable<T> action) throws Exception {
return callback.doAsRemoteUser(remoteUserName, remoteAddress, action);
}
@Override public RemoteUserExtractor getRemoteUserExtractor() {
return remoteUserExtractor;
}
@Override public String[] getAllowedRoles() {
return additionalAllowedRealms;
}
@Override public String getHashLoginServiceRealm() {
return null;
}
@Override public String getHashLoginServiceProperties() {
return null;
}
};
}