Creating Custom Authenticators

Administrators can use the template provided here to develop and implement a custom username/password based authenticator.

Complete the following steps to build and implement a custom authenticator:

  1. Build the following Java file into a JAR file:

        MyCustomDrillUserAuthenticatorImpl.java
    
        package myorg.dept.drill.security;
    
        import org.apache.drill.common.config.DrillConfig;
        import org.apache.drill.exec.exception.DrillbitStartupException;
        import org.apache.drill.exec.rpc.user.security.UserAuthenticator;
        import org.apache.drill.exec.rpc.user.security.UserAuthenticationException;
        import org.apache.drill.exec.rpc.user.security.UserAuthenticatorTemplate;
    
        import java.io.IOException;
    
        /*
        * Implement {@link org.apache.drill.exec.rpc.user.security.UserAuthenticator} for illustrating how to develop a custom authenticator and use it in Drill
        */
        @UserAuthenticatorTemplate(type = "myCustomAuthenticatorType")
        public class MyCustomDrillUserAuthenticatorImpl implements UserAuthenticator {
    
         public static final String TEST_USER_1 = "testUser1";
         public static final String TEST_USER_2 = "testUser2";
         public static final String TEST_USER_1_PASSWORD = "testUser1Password";
         public static final String TEST_USER_2_PASSWORD = "testUser2Password";
    
        /**
        * Setup for authenticating user credentials.
        */
         @Override
         public void setup(DrillConfig drillConfig) throws DrillbitStartupException {
           // If the authenticator has any setup such as making sure authenticator provider servers are up and running or
           // needed libraries are available, it should be added here.
         }
    
        /**
        * Authenticate the given <i>user</i> and <i>password</i> combination.
        *
        * @param userName
        * @param password
        * @throws UserAuthenticationException if authentication fails for given user and password.
        */
         @Override
         public void authenticate(String userName, String password) throws UserAuthenticationException {
    
           if (!(TEST_USER_1.equals(userName) && TEST_USER_1_PASSWORD.equals(password)) &&
           !(TEST_USER_2.equals(userName) && TEST_USER_2_PASSWORD.equals(password))) {
         throw new UserAuthenticationException("custom failure message if the admin wants to show it to user");
           }
         }
    
        /**
        * Close the authenticator. Used to release resources. Ex. LDAP authenticator opens connections to LDAP server,
        * such connections resources are released in a safe manner as part of close.
        *
        * @throws IOException
        */
         @Override
         public void close() throws IOException {
           // Any clean up such as releasing files/network resources should be done here
         }
        }
    
  2. Create a file named drill-module.conf with the following configuration code and then add this file to the root of the JAR file:

           drill {
             classpath.scanning {
               packages += "myorg.dept.drill.security"
             }
           } This enables the custom classpath scanner to locate the new class.
    
  3. Add the JAR file that you built to the following directory on each Drill node: ` /jars`
  4. Add the following configuration to the drill.exec block in the drill-override.conf file located in <DRILLINSTALL_HOME>/conf/:

           drill.exec {
            security.user.auth {
             	enabled: true,
             	packages += "myorg.dept.drill.security",
             	impl: "myCustomAuthenticatorType"
            }
           }
    
  5. Restart the Drillbit process on each Drill node.

     <DRILLINSTALL_HOME>/bin/drillbit.sh restart