Creating Custom Authenticators

Mar 2, 2016

Administrators can use the template provided here to develop and implement a custom username/password based authenticator.

Complete the following steps to build and implement a custom authenticator:

  1. Build the following Java file into a JAR file: 
       import org.apache.drill.common.config.DrillConfig;
       import org.apache.drill.exec.exception.DrillbitStartupException;
       * Implement {@link} for illustraing how to develop a custom authenticator and use it in Drill
       @UserAuthenticatorTemplate(type = “myCustomAuthenticatorType”)
       public class MyCustomDrillUserAuthenticatorImpl implements UserAuthenticator {
        public static final String TEST_USER_1 = "testUser1";
        public static final String TEST_USER_2 = "testUser2";
        public static final String TEST_USER_1_PASSWORD = "testUser1Password";
        public static final String TEST_USER_2_PASSWORD = "testUser2Password";
       * Setup for authenticating user credentials.
        public void setup(DrillConfig drillConfig) throws DrillbitStartupException {
          // If the authenticator has any setup such as making sure authenticator provider servers are up and running or 
          // needed libraries are available, it should be added here.
       * Authenticate the given <i>user</i> and <i>password</i> combination.
       * @param userName
       * @param password
       * @throws UserAuthenticationException if authentication fails for given user and password.
        public void authenticate(String userName, String password) throws UserAuthenticationException {
          if (!(TEST_USER_1.equals(user) && TEST_USER_1_PASSWORD.equals(password)) &&
          !(TEST_USER_2.equals(user) && TEST_USER_2_PASSWORD.equals(password))) {
        throw new UserAuthenticationException(“custom failure message if the admin wants to show it to user”);
       * Close the authenticator. Used to release resources. Ex. LDAP authenticator opens connections to LDAP server,
       * such connections resources are released in a safe manner as part of close.
       * @throws IOException
        public void close() throws IOException {
          // Any clean up such as releasing files/network resources should be done here
  2. Create a file named drill-module.conf with the following configuration code and then add this file to the root of the JAR file:

          drill {
            classpath.scanning {
              packages += ""

    This enables the custom classpath scanner to locate the new class.

  3. Add the JAR file that you built to the following directory on each Drill node:

  4. Add the following configuration to the drill.exec block in the drill-override.conf file located in <DRILLINSTALL_HOME>/conf/:

          drill.exec {
           security.user.auth {
                enabled: true,
                packages += "",
                impl: "myCustomAuthenticatorType"
  5. Restart the Drillbit process on each Drill node.

    <DRILLINSTALL_HOME>/bin/ restart