From a99d862dcc8326b3f419637bfb6bc390dad0bf8b Mon Sep 17 00:00:00 2001 From: jerryshao Date: Thu, 13 Sep 2018 14:47:11 +0800 Subject: [PATCH 1/2] support custom auth filter for livy server --- conf/livy.conf.template | 13 ++++++++++++ .../org/apache/livy/server/LivyServer.scala | 21 ++++++++++++++++--- 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/conf/livy.conf.template b/conf/livy.conf.template index 707e9c931..2590e870e 100644 --- a/conf/livy.conf.template +++ b/conf/livy.conf.template @@ -148,3 +148,16 @@ # A list of users with comma separated has the permission to view other user's infomation, like # submitted session state, statement results. # livy.server.access-control.view-users = +# +# Authentication support for Livy server +# Livy has a built-in SPnego authentication support for HTTP requests with below configurations. +# livy.server.auth.type = kerberos +# livy.server.auth.kerberos.principal = +# livy.server.auth.kerberos.keytab = +# livy.server.auth.kerberos.name-rules = DEFAULT +# +# If user wants to use custom authentication filter, configurations are: +# livy.server.auth.type = +# livy.server.auth..class = +# livy.server.auth..param. = +# livy.server.auth..param. = diff --git a/server/src/main/scala/org/apache/livy/server/LivyServer.scala b/server/src/main/scala/org/apache/livy/server/LivyServer.scala index b0224f786..cfd97c775 100644 --- a/server/src/main/scala/org/apache/livy/server/LivyServer.scala +++ b/server/src/main/scala/org/apache/livy/server/LivyServer.scala @@ -23,6 +23,7 @@ import java.util.concurrent._ import java.util.EnumSet import javax.servlet._ +import scala.collection.JavaConverters._ import scala.concurrent.ExecutionContext.Implicits.global import scala.concurrent.Future @@ -259,11 +260,25 @@ class LivyServer extends Logging { server.context.addFilter(holder, "/*", EnumSet.allOf(classOf[DispatcherType])) info(s"SPNEGO auth enabled (principal = $principal)") - case null => + case null => // Nothing to do. - case other => - throw new IllegalArgumentException(s"Invalid auth type: $other") + case e => + val authClassConf = s"livy.server.auth.$e.class" + val authClass = livyConf.get(authClassConf) + require(authClass != null, s"$e auth requires $authClassConf to be provided") + + val holder = new FilterHolder() + holder.setClassName(authClass) + + val prefix = s"livy.server.auth.$e.param." + livyConf.asScala.filter { kv => + kv.getKey.length > prefix.length && kv.getKey.startsWith(prefix) + }.foreach { kv => + holder.setInitParameter(kv.getKey.substring(prefix.length), kv.getValue) + } + server.context.addFilter(holder, "/*", EnumSet.allOf(classOf[DispatcherType])) + info(s"$e auth enabled") } if (livyConf.getBoolean(CSRF_PROTECTION)) { From 7f6124f96dfdf0dbf85d2e07c54eef3630e45958 Mon Sep 17 00:00:00 2001 From: jerryshao Date: Fri, 1 Feb 2019 09:59:10 +0800 Subject: [PATCH 2/2] Address the comments --- .../main/scala/org/apache/livy/server/LivyServer.scala | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/src/main/scala/org/apache/livy/server/LivyServer.scala b/server/src/main/scala/org/apache/livy/server/LivyServer.scala index cfd97c775..60f3961dc 100644 --- a/server/src/main/scala/org/apache/livy/server/LivyServer.scala +++ b/server/src/main/scala/org/apache/livy/server/LivyServer.scala @@ -263,22 +263,22 @@ class LivyServer extends Logging { case null => // Nothing to do. - case e => - val authClassConf = s"livy.server.auth.$e.class" + case customType => + val authClassConf = s"livy.server.auth.$customType.class" val authClass = livyConf.get(authClassConf) - require(authClass != null, s"$e auth requires $authClassConf to be provided") + require(authClass != null, s"$customType auth requires $authClassConf to be provided") val holder = new FilterHolder() holder.setClassName(authClass) - val prefix = s"livy.server.auth.$e.param." + val prefix = s"livy.server.auth.$customType.param." livyConf.asScala.filter { kv => kv.getKey.length > prefix.length && kv.getKey.startsWith(prefix) }.foreach { kv => holder.setInitParameter(kv.getKey.substring(prefix.length), kv.getValue) } server.context.addFilter(holder, "/*", EnumSet.allOf(classOf[DispatcherType])) - info(s"$e auth enabled") + info(s"$customType auth enabled") } if (livyConf.getBoolean(CSRF_PROTECTION)) {