Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] JDBC Authentication Provider for server #3222

Closed
3 tasks done
bowenliang123 opened this issue Aug 12, 2022 · 0 comments
Closed
3 tasks done

[FEATURE] JDBC Authentication Provider for server #3222

bowenliang123 opened this issue Aug 12, 2022 · 0 comments
Labels
kind:feature Feature request priority:major

Comments

@bowenliang123
Copy link
Contributor

bowenliang123 commented Aug 12, 2022
edited
Loading

Code of Conduct

Search before asking

  • I have searched in the issues and found no similar issues.

Describe the feature

Add JDBC authentication provider as implementation of PasswdAuthenticationProvider out of box.

Compared to currently support authentication methods like Kerberos and LDAP, JDBC source is a much easy and stable source for practical deployment.

The solution should provide:

  • easy to use and config jdbc connection details
  • handy to customize query statements for authentication
  • provide efficient db connection pooling (optional)

Motivation

No response

Describe the solution

Add JDBC to AuthMethods enum and JDBCPasswdAuthenticationProvider into package org.apache.kyuubi.service.authentication with listed features:

  • specify JDBC driver name and load the driver class
  • configs of JDBC url, username and password
  • select query with placeholders for checking user and password , like SELECT * from user_pass_hash where username = ${user} and password = MD5(${password})
  • cache and reuse jdbc connections (optional)

Additional context

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!
@bowenliang123 bowenliang123 changed the title [FEATURE] Provide JDBC Authentication Provider [FEATURE] JDBC source Authentication Provider for server Aug 12, 2022
@bowenliang123 bowenliang123 changed the title [FEATURE] JDBC source Authentication Provider for server [FEATURE] JDBC Authentication Provider for server Aug 12, 2022
@bowenliang123 bowenliang123 mentioned this issue Aug 16, 2022
Closed
3 tasks
This was referenced Aug 18, 2022
Closed
Closed
pan3793 added a commit to pan3793/kyuubi that referenced this issue Aug 19, 2022
@pan3793
[KYUUBI apache#3222][FOLLOWUP] Introdude JdbcUtils to simplify code
1c55734
yaooqinn pushed a commit that referenced this issue Aug 19, 2022
@bowenliang123 @yaooqinn
[KYUUBI #3275] [KYUUBI 3269] [DOCS] Doc for JDBC authentication provider
97b14f8 
### _Why are the changes needed?_

fix #3269

Add docs for JDBC auth provider from #3222 shipping within 1.6.0, add jdbc.rst in /docs/security path
simplify the config docs for kyuubi.authentication.jdbc.query in /docs/deployment/settings.md by moving examples to the docs of jdbc auth provider.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3275 from bowenliang123/doc-jdbc-auth.

Closes #3275

e393f6d [liangbowen] fix config example mistakes
ab70cc8 [liangbowen] update doc for auth query sql
ebd5e19 [liangbowen] update doc description
0b15af5 [liangbowen] typo
953000f [liangbowen] typo
ab944e7 [liangbowen] typo
e3c3d25 [liangbowen] regenerate conf docs. udpate jdbc.md.
45429ad [liangbowen] typo
3b05338 [liangbowen] add docs for jdbc authentication provider

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Kent Yao <yao@apache.org>
pan3793 added a commit to pan3793/kyuubi that referenced this issue Aug 19, 2022
@pan3793
[KYUUBI apache#3222][FOLLOWUP] Introdude JdbcUtils to simplify code
2063c43
pan3793 added a commit that referenced this issue Aug 20, 2022
@pan3793
[KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code
d0f75e8 
### _Why are the changes needed?_

This is the followup of #3235, the main change is introdude `JdbcUtils` to simplify code, and allow empty password for Jdbc auth.

Jdbc connection pool has been removed because `JdbcAuthenticationProviderImpl` will be created on each connection, we can improve to use singleton in the future

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3278 from pan3793/jdbc-followup.

Closes #3222

2863cae [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
51a9c45 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
eee3c55 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/util/JdbcUtilsSuite.scala
d02bb99 [Cheng Pan] nit
e001b5b [Cheng Pan] nit
8cf5cd6 [Cheng Pan] nit
032f2df [Cheng Pan] nit
8a42f18 [Cheng Pan] nit
c7893fd [Cheng Pan] JdbcUtilsSuite
f97f2d9 [Cheng Pan] remove pool
a8812d0 [Cheng Pan] move render result set to test
83d7d4c [Cheng Pan] fix ut
db787a4 [Cheng Pan] nit
864f9dd [Cheng Pan] nit
b60decf [Cheng Pan] nit
8c66e0b [Cheng Pan] nit
2063c43 [Cheng Pan] [KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
pan3793 added a commit that referenced this issue Aug 20, 2022
@pan3793
[KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code
9d83e63 
### _Why are the changes needed?_

This is the followup of #3235, the main change is introdude `JdbcUtils` to simplify code, and allow empty password for Jdbc auth.

Jdbc connection pool has been removed because `JdbcAuthenticationProviderImpl` will be created on each connection, we can improve to use singleton in the future

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3278 from pan3793/jdbc-followup.

Closes #3222

2863cae [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
51a9c45 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
eee3c55 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/util/JdbcUtilsSuite.scala
d02bb99 [Cheng Pan] nit
e001b5b [Cheng Pan] nit
8cf5cd6 [Cheng Pan] nit
032f2df [Cheng Pan] nit
8a42f18 [Cheng Pan] nit
c7893fd [Cheng Pan] JdbcUtilsSuite
f97f2d9 [Cheng Pan] remove pool
a8812d0 [Cheng Pan] move render result set to test
83d7d4c [Cheng Pan] fix ut
db787a4 [Cheng Pan] nit
864f9dd [Cheng Pan] nit
b60decf [Cheng Pan] nit
8c66e0b [Cheng Pan] nit
2063c43 [Cheng Pan] [KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Cheng Pan <chengpan@apache.org>
(cherry picked from commit d0f75e8)
Signed-off-by: Cheng Pan <chengpan@apache.org>
pan3793 pushed a commit that referenced this issue Aug 22, 2022
@bowenliang123 @pan3793
[KYUUBI #3222][FOLLOWUP] Fixing placeholder and config of user in JDB…
2b67ab6 
…C Authentication Provider

### _Why are the changes needed?_

To fix the config name and placeholder with `username` introduced in #3235 violate this convention as in JDBC driver use `user` keyword used for connection user rather than `username`,

1. change config name from `kyuubi.authentication.jdbc.username` to `kyuubi.authentication.jdbc.user`
2. change placeholder from `${username}` to `${user}`
3. update docs and config description related to above changes, and sync the update in jdbc auth docs statement details to config docs.
4. fix error in throwing AuthenticationException with auth db password. ut added for the fix.
5. other minor update in docs of custom auth

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3288 from bowenliang123/jdbc-auth-config-update.

Closes #3222

502703f [Bowen Liang] skip map for placeholder value lookup
3733be4 [liangbowen] nit
ab00525 [liangbowen] nit
2301c4f [liangbowen] fix ut of jdbc auth with wrong_password
06f0c1b [liangbowen] remove redundant docs
ec4565b [liangbowen] remove redundant docs
ae1cce2 [liangbowen] fix compilation error of configLog
5d14103 [liangbowen] simplify configLog
6678e65 [liangbowen] reformat
52c1038 [liangbowen] simplify placeholder checking
21c2d5e [liangbowen] check whether placeholders in supported list before conn establishment or authenticate
7db0adf [liangbowen] ut for unknown placeholder
657de6a [liangbowen] nit
736b3f2 [liangbowen] refactoring placeholder value lookup, for preventing setString multiple times with "i+1"
86c8912 [liangbowen] setMaxRows after prepare placeholder, to postpone operation on jdbc conn
115fae5 [liangbowen] increase test code coverage
b45b28c [liangbowen] resultSet returned by executeQuery is never null
e1c0727 [liangbowen] update ut for redactPassword in JdbcUtils
b4a52e2 [liangbowen] fix typo in docs of custom auth
371c2c6 [liangbowen] move redactPassword method to JdbcUtils and add ut.
a4973c5 [liangbowen] reformat code
486e150 [liangbowen] fix error in throwing AuthenticationException with auth db password. add ut for the fix.
efced90 [liangbowen] update settings.md
ef97e35 [liangbowen] add SELECT prefix hint for doc of  kyuubi.authentication.jdbc.query
025f94c [liangbowen] fix username to user in JdbcAuthenticationProviderImpl by 1. use config name `kyuubi.authentication.jdbc.user`, 2. use ${user} placeholder instead of ${username}

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
pan3793 pushed a commit that referenced this issue Aug 22, 2022
@bowenliang123 @pan3793
[KYUUBI #3275] [KYUUBI 3269] [DOCS] Doc for JDBC authentication provider
04f3115 
### _Why are the changes needed?_

fix #3269

Add docs for JDBC auth provider from #3222 shipping within 1.6.0, add jdbc.rst in /docs/security path
simplify the config docs for kyuubi.authentication.jdbc.query in /docs/deployment/settings.md by moving examples to the docs of jdbc auth provider.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3275 from bowenliang123/doc-jdbc-auth.

Closes #3275

e393f6d [liangbowen] fix config example mistakes
ab70cc8 [liangbowen] update doc for auth query sql
ebd5e19 [liangbowen] update doc description
0b15af5 [liangbowen] typo
953000f [liangbowen] typo
ab944e7 [liangbowen] typo
e3c3d25 [liangbowen] regenerate conf docs. udpate jdbc.md.
45429ad [liangbowen] typo
3b05338 [liangbowen] add docs for jdbc authentication provider

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Kent Yao <yao@apache.org>
pan3793 pushed a commit that referenced this issue Aug 22, 2022
@bowenliang123 @pan3793
[KYUUBI #3222][FOLLOWUP] Fixing placeholder and config of user in JDB…
8b65e0e 
…C Authentication Provider

### _Why are the changes needed?_

To fix the config name and placeholder with `username` introduced in #3235 violate this convention as in JDBC driver use `user` keyword used for connection user rather than `username`,

1. change config name from `kyuubi.authentication.jdbc.username` to `kyuubi.authentication.jdbc.user`
2. change placeholder from `${username}` to `${user}`
3. update docs and config description related to above changes, and sync the update in jdbc auth docs statement details to config docs.
4. fix error in throwing AuthenticationException with auth db password. ut added for the fix.
5. other minor update in docs of custom auth

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3288 from bowenliang123/jdbc-auth-config-update.

Closes #3222

502703f [Bowen Liang] skip map for placeholder value lookup
3733be4 [liangbowen] nit
ab00525 [liangbowen] nit
2301c4f [liangbowen] fix ut of jdbc auth with wrong_password
06f0c1b [liangbowen] remove redundant docs
ec4565b [liangbowen] remove redundant docs
ae1cce2 [liangbowen] fix compilation error of configLog
5d14103 [liangbowen] simplify configLog
6678e65 [liangbowen] reformat
52c1038 [liangbowen] simplify placeholder checking
21c2d5e [liangbowen] check whether placeholders in supported list before conn establishment or authenticate
7db0adf [liangbowen] ut for unknown placeholder
657de6a [liangbowen] nit
736b3f2 [liangbowen] refactoring placeholder value lookup, for preventing setString multiple times with "i+1"
86c8912 [liangbowen] setMaxRows after prepare placeholder, to postpone operation on jdbc conn
115fae5 [liangbowen] increase test code coverage
b45b28c [liangbowen] resultSet returned by executeQuery is never null
e1c0727 [liangbowen] update ut for redactPassword in JdbcUtils
b4a52e2 [liangbowen] fix typo in docs of custom auth
371c2c6 [liangbowen] move redactPassword method to JdbcUtils and add ut.
a4973c5 [liangbowen] reformat code
486e150 [liangbowen] fix error in throwing AuthenticationException with auth db password. add ut for the fix.
efced90 [liangbowen] update settings.md
ef97e35 [liangbowen] add SELECT prefix hint for doc of  kyuubi.authentication.jdbc.query
025f94c [liangbowen] fix username to user in JdbcAuthenticationProviderImpl by 1. use config name `kyuubi.authentication.jdbc.user`, 2. use ${user} placeholder instead of ${username}

Lead-authored-by: liangbowen <liangbowen@gf.com.cn>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind:feature Feature request priority:major
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bowenliang123