prestodb · pdabre12 · Mar 13, 2026 · Mar 12, 2026 · Mar 13, 2026 · Mar 13, 2026
@@ -0,0 +1,110 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.facebook.presto.common;
+
+import java.util.Optional;
+
+public class AuthClientConfigs
+{
+    private final String nodeId;
+    private final String keyStorePath;
+    private final String keyStorePassword;
+    private final String trustStorePath;
+    private final String trustStorePassword;
+    private final Optional<String> excludeCipherSuites;
+    private final Optional<String> includedCipherSuites;
+    private final boolean internalJwtEnabled;
+    private final Optional<String> sharedSecret;
+
+    public static AuthClientConfigs defaultAuthClientConfigs(String nodeId)
+    {
+        return new AuthClientConfigs(
+                nodeId,
+                null,
+                null,
+                null,
+                null,
+                Optional.empty(),
+                Optional.empty(),
+                false,
+                Optional.empty());
+    }
+
+    public AuthClientConfigs(
+            String nodeId,
+            String keyStorePath,
+            String keyStorePassword,
+            String trustStorePath,
+            String trustStorePassword,
+            Optional<String> excludeCipherSuites,
+            Optional<String> includedCipherSuites,
+            boolean internalJwtEnabled,
+            Optional<String> sharedSecret)
+    {
+        this.nodeId = nodeId;
+        this.keyStorePath = keyStorePath;
+        this.keyStorePassword = keyStorePassword;
+        this.trustStorePath = trustStorePath;
+        this.trustStorePassword = trustStorePassword;
+        this.excludeCipherSuites = excludeCipherSuites;
+        this.includedCipherSuites = includedCipherSuites;
+        this.internalJwtEnabled = internalJwtEnabled;
+        this.sharedSecret = sharedSecret;
+    }
+
+    public String getNodeId()
+    {
+        return nodeId;
+    }
+
+    public String getKeyStorePath()
+    {
+        return keyStorePath;
+    }
+
+    public String getKeyStorePassword()
+    {
+        return keyStorePassword;
+    }
+
+    public String getTrustStorePath()
+    {
+        return trustStorePath;
+    }
+
+    public String getTrustStorePassword()
+    {
+        return trustStorePassword;
+    }
+
+    public Optional<String> getExcludeCipherSuites()
+    {
+        return excludeCipherSuites;
+    }
+
+    public Optional<String> getIncludedCipherSuites()
+    {
+        return includedCipherSuites;
+    }
+
+    public boolean isInternalJwtEnabled()
+    {
+        return internalJwtEnabled;
+    }
+
+    public Optional<String> getSharedSecret()
+    {
+        return sharedSecret;
+    }
+}
@@ -194,6 +194,22 @@
             <artifactId>netty-buffer</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>com.facebook.presto</groupId>
+            <artifactId>presto-internal-communication</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.facebook.airlift</groupId>
+            <artifactId>jaxrs</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.ws.rs</groupId>
+            <artifactId>jakarta.ws.rs-api</artifactId>
+        </dependency>
+
         <!-- for testing -->
         <dependency>
             <groupId>com.facebook.presto</groupId>
@@ -225,24 +241,12 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>com.facebook.airlift</groupId>
-            <artifactId>jaxrs</artifactId>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>com.facebook.airlift</groupId>
             <artifactId>jaxrs-testing</artifactId>
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>jakarta.ws.rs</groupId>
-            <artifactId>jakarta.ws.rs-api</artifactId>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>com.facebook.presto</groupId>
             <artifactId>presto-function-namespace-managers-common</artifactId>
@@ -251,4 +255,19 @@
         </dependency>
 
     </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <configuration>
+                    <ignoredNonTestScopedDependencies>
+                        <ignoredNonTestScopedDependency>jakarta.ws.rs:jakarta.ws.rs-api</ignoredNonTestScopedDependency>
+                        <ignoredNonTestScopedDependency>com.facebook.airlift:jaxrs</ignoredNonTestScopedDependency>
+                    </ignoredNonTestScopedDependencies>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>
@@ -13,18 +13,29 @@
  */
 package com.facebook.presto.functionNamespace.rest;
 
+import com.facebook.presto.common.AuthClientConfigs;
 import com.facebook.presto.functionNamespace.ForRestServer;
 import com.google.inject.Binder;
 import com.google.inject.Module;
 
 import static com.facebook.airlift.http.client.HttpClientBinder.httpClientBinder;
+import static com.facebook.presto.server.CommonInternalCommunicationModule.bindInternalAuth;
+import static java.util.Objects.requireNonNull;
 
 public class RestBasedCommunicationModule
         implements Module
 {
+    private final AuthClientConfigs authClientConfigs;
+
+    public RestBasedCommunicationModule(AuthClientConfigs authClientConfigs)
+    {
+        this.authClientConfigs = requireNonNull(authClientConfigs, "authClientConfigs is null");
+    }
+
     @Override
     public void configure(Binder binder)
     {
+        bindInternalAuth(binder, authClientConfigs);
         httpClientBinder(binder).bindHttpClient("restServer", ForRestServer.class);
     }
 }
@@ -54,7 +54,7 @@ public FunctionNamespaceManager<?> create(String catalogName, Map<String, String
     {
         try {
             Bootstrap app = new Bootstrap(
-                    new RestBasedCommunicationModule(),
+                    new RestBasedCommunicationModule(context.getAuthClientConfigs()),
                     new RestBasedFunctionNamespaceManagerModule(catalogName),
                     new RestSqlFunctionExecutorsModule());
 

@@ -22,6 +22,8 @@
 import java.util.Collections;
 import java.util.Map;
 
+import static com.facebook.presto.common.AuthClientConfigs.defaultAuthClientConfigs;
+
 public final class HiveFunctionsTestUtils
 {
     private HiveFunctionsTestUtils() {}
@@ -38,7 +40,8 @@ public static TestingPrestoServer createTestingPrestoServer()
                 "hive-functions",
                 "hive",
                 getNamespaceManagerCreationProperties(),
-                server.getPluginNodeManager());
+                server.getPluginNodeManager(),
+                defaultAuthClientConfigs(server.getPluginNodeManager().getCurrentNode().getNodeIdentifier()));
         server.refreshNodes();
         return server;
     }

@@ -35,6 +35,7 @@
 import java.util.List;
 import java.util.stream.Stream;
 
+import static com.facebook.presto.common.AuthClientConfigs.defaultAuthClientConfigs;
 import static com.facebook.presto.common.type.BigintType.BIGINT;
 import static com.facebook.presto.common.type.DoubleType.DOUBLE;
 import static com.facebook.presto.common.type.VarcharType.VARCHAR;
@@ -150,7 +151,8 @@ private static TestingPrestoServer createServer()
                 "hive-functions",
                 "hive",
                 Collections.emptyMap(),
-                server.getPluginNodeManager());
+                server.getPluginNodeManager(),
+                defaultAuthClientConfigs(server.getPluginNodeManager().getCurrentNode().getNodeIdentifier()));
         server.refreshNodes();
         return server;
     }

@@ -103,6 +103,11 @@
             <artifactId>jackson-annotations</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>com.facebook.presto</groupId>
+            <artifactId>presto-common</artifactId>
+        </dependency>
+
         <!-- Testing -->
         <dependency>
             <groupId>org.testng</groupId>

@@ -16,6 +16,7 @@
 import com.facebook.airlift.configuration.AbstractConfigurationAwareModule;
 import com.facebook.airlift.http.client.HttpClientConfig;
 import com.facebook.airlift.http.client.spnego.KerberosConfig;
+import com.facebook.presto.common.AuthClientConfigs;
 import com.facebook.presto.server.security.InternalAuthenticationFilter;
 import com.google.inject.Binder;
 import com.google.inject.Module;
@@ -59,6 +60,38 @@ protected void setup(Binder binder)
         jaxrsBinder(binder).bind(InternalAuthenticationFilter.class);
     }
 
+    public static void bindHttpClientDefaults(Binder binder, AuthClientConfigs authClientConfigs)
+    {
+        configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
+            config.setKeyStorePath(authClientConfigs.getKeyStorePath());
+            config.setKeyStorePassword(authClientConfigs.getKeyStorePassword());
+            config.setTrustStorePath(authClientConfigs.getTrustStorePath());
+            config.setTrustStorePassword(authClientConfigs.getTrustStorePassword());
+
+            authClientConfigs.getIncludedCipherSuites()
+                    .ifPresent(config::setHttpsIncludedCipherSuites);
+
+            authClientConfigs.getExcludeCipherSuites()
+                    .ifPresent(config::setHttpsExcludedCipherSuites);
+        });
+    }
+
+    public static void bindInternalAuth(Binder binder, AuthClientConfigs authClientConfigs)
+    {
+        bindHttpClientDefaults(binder, authClientConfigs);
+
+        InternalAuthenticationManager manager =
+                new InternalAuthenticationManager(
+                        authClientConfigs.getSharedSecret(),
+                        authClientConfigs.getNodeId(),
+                        authClientConfigs.isInternalJwtEnabled());
+
+        binder.bind(InternalAuthenticationManager.class).toInstance(manager);
+        binder.bind(AuthClientConfigs.class).toInstance(authClientConfigs);
+        httpClientBinder(binder).bindGlobalFilter(InternalAuthenticationManager.class);
+        jaxrsBinder(binder).bind(InternalAuthenticationFilter.class);
+    }
+
     private Module kerberosInternalCommunicationModule()
     {
         return binder -> {

@@ -18,6 +18,7 @@
 import com.facebook.airlift.log.Logger;
 import com.facebook.airlift.node.NodeInfo;
 import com.facebook.presto.security.BasicPrincipal;
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.hash.Hashing;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
@@ -43,6 +44,7 @@ public class InternalAuthenticationManager
     private final boolean internalJwtEnabled;
     private final byte[] hmac;
     private final String nodeId;
+    private final Optional<String> sharedSecret;
 
     @Inject
     public InternalAuthenticationManager(InternalCommunicationConfig internalCommunicationConfig, NodeInfo nodeInfo)
@@ -52,7 +54,7 @@ public InternalAuthenticationManager(InternalCommunicationConfig internalCommuni
 
     public InternalAuthenticationManager(Optional<String> sharedSecret, String nodeId, boolean internalJwtEnabled)
     {
-        requireNonNull(sharedSecret, "sharedSecret is null");
+        this.sharedSecret = requireNonNull(sharedSecret, "sharedSecret is null");
         requireNonNull(nodeId, "nodeId is null");
         this.internalJwtEnabled = internalJwtEnabled;
         if (internalJwtEnabled) {
@@ -130,4 +132,10 @@ public Request filterRequest(Request request)
                 .addHeader(PRESTO_INTERNAL_BEARER, generateJwt())
                 .build();
     }
+
+    @VisibleForTesting
+    public Optional<String> getSharedSecret()
+    {
+        return sharedSecret;
+    }
 }
@@ -15,6 +15,7 @@
 
 import com.facebook.airlift.log.Logger;
 import com.facebook.presto.Session;
+import com.facebook.presto.common.AuthClientConfigs;
 import com.facebook.presto.common.CatalogSchemaName;
 import com.facebook.presto.common.Page;
 import com.facebook.presto.common.QualifiedObjectName;
@@ -359,12 +360,13 @@ public void loadFunctionNamespaceManager(
             String functionNamespaceManagerName,
             String catalogName,
             Map<String, String> properties,
-            NodeManager nodeManager)
+            NodeManager nodeManager,
+            AuthClientConfigs authClientConfigs)
     {
         requireNonNull(functionNamespaceManagerName, "functionNamespaceManagerName is null");
         FunctionNamespaceManagerFactory factory = functionNamespaceManagerFactories.get(functionNamespaceManagerName);
         checkState(factory != null, "No factory for function namespace manager %s", functionNamespaceManagerName);
-        FunctionNamespaceManager<?> functionNamespaceManager = factory.create(catalogName, properties, new FunctionNamespaceManagerContext(this, nodeManager, this));
+        FunctionNamespaceManager<?> functionNamespaceManager = factory.create(catalogName, properties, new FunctionNamespaceManagerContext(this, nodeManager, this, authClientConfigs));
         functionNamespaceManager.setBlockEncodingSerde(blockEncodingSerde);
 
         transactionManager.registerFunctionNamespaceManager(catalogName, functionNamespaceManager);