Besides the builtin authentication methods, kyuubi supports custom authentication implementations of org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider.

  1. package org.apache.kyuubi.service.authentication
  3. import javax.security.sasl.AuthenticationException
  5. trait PasswdAuthenticationProvider {
  7.   /**
  8.    * The authenticate method is called by the Kyuubi Server authentication layer
  9.    * to authenticate users for their requests.
  10.    * If a user is to be granted, return nothing/throw nothing.
  11.    * When a user is to be disallowed, throw an appropriate [[AuthenticationException]].
  12.    *
  13.    * @param user     The username received over the connection request
  14.    * @param password The password received over the connection request
  15.    *
  16.    * @throws AuthenticationException When a user is found to be invalid by the implementation
  17.    */
  18.   @throws[AuthenticationException]
  19.   def authenticate(user: String, password: String): Unit
  20. }

Build A Custom Authenticator

To create custom Authenticator class derived from the above interface, we need to:

  • Referencing the library
  1. <dependency>
  2.    <groupId>org.apache.kyuubi</groupId>
  3.    <artifactId>kyuubi-common\_2.12</artifactId>
  4.    <version>1.9.1</version>
  5.    <scope>provided</scope>
  6. </dependency>

Enable Custom Authentication

To enable the custom authentication method, we need to

  • Put the jar package to $KYUUBI_HOME/jars directory to make it visible for the classpath of the kyuubi server.

  • Configure the following properties to $KYUUBI_HOME/conf/kyuubi-defaults.conf on each node where kyuubi server is installed.

  1. kyuubi.authentication=CUSTOM
  2. kyuubi.authentication.custom.class=YourAuthenticationProvider
  • Restart all the kyuubi server instances