Besides the builtin authentication methods, kyuubi supports custom authentication implementations of org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider.

  1. package org.apache.kyuubi.service.authentication
  2. import javax.security.sasl.AuthenticationException
  3. trait PasswdAuthenticationProvider {
  4. /**
  5. * The authenticate method is called by the Kyuubi Server authentication layer
  6. * to authenticate users for their requests.
  7. * If a user is to be granted, return nothing/throw nothing.
  8. * When a user is to be disallowed, throw an appropriate [[AuthenticationException]].
  9. *
  10. * @param user The username received over the connection request
  11. * @param password The password received over the connection request
  12. *
  13. * @throws AuthenticationException When a user is found to be invalid by the implementation
  14. */
  15. @throws[AuthenticationException]
  16. def authenticate(user: String, password: String): Unit
  17. }

Build A Custom Authenticator

To create custom Authenticator class derived from the above interface, we need to:

  • Referencing the library
  1. <dependency>
  2. <groupId>org.apache.kyuubi</groupId>
  3. <artifactId>kyuubi-common\_2.12</artifactId>
  4. <version>1.9.1</version>
  5. <scope>provided</scope>
  6. </dependency>

Enable Custom Authentication

To enable the custom authentication method, we need to

  • Put the jar package to $KYUUBI_HOME/jars directory to make it visible for the classpath of the kyuubi server.
  • Configure the following properties to $KYUUBI_HOME/conf/kyuubi-defaults.conf on each node where kyuubi server is installed.
  1. kyuubi.authentication=CUSTOM
  2. kyuubi.authentication.custom.class=YourAuthenticationProvider
  • Restart all the kyuubi server instances