in kyuubi-relocated-hive-metastore-client/src/main/java/org/apache/kyuubi/shaded/hive/metastore/security/HadoopThriftAuthBridge.java [89:153]
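/**
 * Wraps {@code underlyingTransport} in a SASL client transport for the authentication method
 * named by {@code methodStr}, and returns it wrapped in a {@code TUGIAssumingTransport} bound to
 * the current user.
 *
 * <p>For {@code DIGEST}, {@code tokenStrForm} is decoded into a delegation token and handed to
 * the SASL callback handler. For {@code KERBEROS}, the server principal is resolved from {@code
 * principalConfig} and {@code host}, and the SASL transport is created inside {@code doAs} of
 * the current user.
 *
 * @param principalConfig configured server principal, resolved against {@code host} (KERBEROS
 *     only)
 * @param host server host used when resolving the principal (KERBEROS only)
 * @param methodStr name of an {@code AuthMethod} constant
 * @param tokenStrForm URL-string form of the delegation token (DIGEST only); this is credential
 *     material and must not be logged
 * @param underlyingTransport transport to wrap
 * @param saslProps SASL properties passed through to the SASL client transport
 * @return the SASL transport wrapped in a {@code TUGIAssumingTransport}
 * @throws IOException if the Kerberos principal does not split into three parts, if the SASL
 *     transport cannot be instantiated, or if the method is not DIGEST or KERBEROS
 * @throws IllegalArgumentException if {@code methodStr} does not name an {@code AuthMethod}
 *     constant (raised by the enum lookup)
 */
public TTransport createClientTransport(
    String principalConfig,
    String host,
    String methodStr,
    String tokenStrForm,
    final TTransport underlyingTransport,
    final Map<String, String> saslProps)
    throws IOException {
  final AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr);
  switch (method) {
    case DIGEST:
      {
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(tokenStrForm);
        final TTransport digestTransport;
        try {
          digestTransport =
              new TSaslClientTransport(
                  method.getMechanismName(),
                  null,
                  null,
                  SaslRpcServer.SASL_DEFAULT_REALM,
                  saslProps,
                  new SaslClientCallbackHandler(token),
                  underlyingTransport);
        } catch (TTransportException e) {
          // Fail closed: previously the exception was only printed and a wrapper around a null
          // transport was returned, hiding the authentication setup failure from the caller
          // until a later NullPointerException.
          throw new IOException("Could not instantiate SASL transport", e);
        }
        return new TUGIAssumingTransport(digestTransport, UserGroupInformation.getCurrentUser());
      }
    case KERBEROS:
      {
        String serverPrincipal = SecurityUtil.getServerPrincipal(principalConfig, host);
        final String[] names = SaslRpcServer.splitKerberosName(serverPrincipal);
        // A principal without a host component cannot be used to authenticate a specific server.
        if (names.length != 3) {
          throw new IOException(
              "Kerberos principal name does NOT have the expected hostname part: "
                  + serverPrincipal);
        }
        try {
          // NOTE(review): a TTransportException thrown inside run() is not caught below; how
          // doAs surfaces it is not visible in this file. Confirm callers get a usable error.
          return UserGroupInformation.getCurrentUser()
              .doAs(
                  new PrivilegedExceptionAction<TUGIAssumingTransport>() {
                    @Override
                    public TUGIAssumingTransport run() throws IOException, TTransportException {
                      TTransport kerberosTransport =
                          new TSaslClientTransport(
                              method.getMechanismName(),
                              null,
                              names[0],
                              names[1],
                              saslProps,
                              null,
                              underlyingTransport);
                      return new TUGIAssumingTransport(
                          kerberosTransport, UserGroupInformation.getCurrentUser());
                    }
                  });
        } catch (InterruptedException | SaslException se) {
          if (se instanceof InterruptedException) {
            // Preserve the interrupt for callers further up the stack.
            Thread.currentThread().interrupt();
          }
          throw new IOException("Could not instantiate SASL transport", se);
        }
      }
    default:
      throw new IOException("Unsupported authentication method: " + method);
  }
}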