@@ -25,6 +25,7 @@ import scala.collection.JavaConverters._
2525
2626import org .apache .commons .logging .Log
2727import org .apache .hadoop .hive .conf .HiveConf
28+ import org .apache .hadoop .hive .conf .HiveConf .ConfVars
2829import org .apache .hadoop .hive .shims .Utils
2930import org .apache .hadoop .security .UserGroupInformation
3031import org .apache .hive .service .{AbstractService , Service , ServiceException }
@@ -47,6 +48,7 @@ private[hive] class SparkSQLCLIService(hiveServer: HiveServer2, sqlContext: SQLC
4748 setSuperField(this , " sessionManager"
4849 addService(sparkSqlSessionManager)
4950 var sparkServiceUGI : UserGroupInformation = null
51+ var httpUGI : UserGroupInformation = null
5052
5153 if (UserGroupInformation .isSecurityEnabled) {
5254 try {
@@ -57,7 +59,24 @@ private[hive] class SparkSQLCLIService(hiveServer: HiveServer2, sqlContext: SQLC
5759 case e @ (_ : IOException | _ : LoginException ) =>
5860 throw new ServiceException (" Unable to login to kerberos with given principal/keytab"
5961 }
60- }
62+
63+ // Also try creating a UGI object for the SPNego principal
64+ val principal = hiveConf.getVar(ConfVars .HIVE_SERVER2_SPNEGO_PRINCIPAL )
65+ val keyTabFile = hiveConf.getVar(ConfVars .HIVE_SERVER2_SPNEGO_KEYTAB )
66+ if (principal.isEmpty() || keyTabFile.isEmpty()) {
67+ getAncestorField[Log ](this , 3 , " LOG"
68+ s " SPNego httpUGI not created, spNegoPrincipal: $principal , ketabFile: $keyTabFile" )
69+ } else {
70+ try {
71+ httpUGI = HiveAuthFactory .loginFromSpnegoKeytabAndReturnUGI(hiveConf)
72+ setSuperField(this , " httpUGI"
73+ getAncestorField[Log ](this , 3 , " LOG" " SPNego httpUGI successfully created."
74+ } catch {
75+ case e : IOException =>
76+ getAncestorField[Log ](this , 3 , " LOG" s " SPNego httpUGI creation failed: $e" )
77+ }
78+ }
79+ }
6180
6281 initCompositeService(hiveConf)
6382 }
0 commit comments