Data Source Authorization - JDBC Credential

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Data Source Authorization - JDBC Credential

Arpad Beregszaszi

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

moon
Administrator
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

Paul Brenner
Are credentials confirmed working with the JDBC interpreter? I’m trying to get jdbc working with snowflake. If I hardcore my username and password into the default url everything works great… but this of course won’t work in a multi user environment.

However, if I try to use default username, default password, or zeppelin credentials I get stuck at "java.sql.SQLException: Missing user name.”

Sounds like a different issue than the OP.

Paul Brenner
DATA SCIENTIST
(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Thu, Apr 20, 2017 at 8:49 PM moon soo Lee <">moon soo Lee > wrote:
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

moon
Administrator
Hi,

Which version of Zeppelin are you using? Have you tried remove 'default.user' and 'default.password' property from interpreter menu and create entity in credential menu?

Thanks,
moon

On Fri, Apr 21, 2017 at 11:55 AM Paul Brenner <[hidden email]> wrote:
Are credentials confirmed working with the JDBC interpreter? I’m trying to get jdbc working with snowflake. If I hardcore my username and password into the default url everything works great… but this of course won’t work in a multi user environment.

However, if I try to use default username, default password, or zeppelin credentials I get stuck at "java.sql.SQLException: Missing user name.”

Sounds like a different issue than the OP.

Paul Brenner
DATA SCIENTIST
<a href="tel:(217)%20390-3033" value="+12173903033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Thu, Apr 20, 2017 at 8:49 PM moon soo Lee <[hidden email]> wrote:
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

Paul Brenner
Using 0.7.1 and yes I tried removing default.user/default.password after setting my credentials in the credentials section. It did not work. 

I found that actually setting the correct value for default.user did not work either. Same error. It seems like the zeppelin jdbc interpreter is not passing the defined user and password to the snowflake jdbc connector. 

However, I also was unable to set the zeppelin.jdbc.auth.type. I saw it should be able to take “SIMPLE” or “KERBEROS” as a value. Either option results in "java.lang.ClassNotFoundException: org.apache.hadoop.security.UserGroupInformation$AuthenticationMethod”. I’m not sure if that is related.

One more question. Here is what I see in the log files:
 INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.auth.type INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: common, value: max_count INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.principal INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: interpreter.localRepo INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: url INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: driver INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.keytab.location INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.use INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.max_connection ERROR [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:177) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

To make that a bit more readable I can trim it down to…
 INFO  - key: zeppelin, value: jdbc.auth.type
 INFO  - key: common, value: max_count
 INFO  - key: zeppelin, value: jdbc.principal
 INFO  - key: zeppelin, value: interpreter.localRepo
 INFO  - key: default, value: url
 INFO  - key: default, value: driver
 INFO  - key: zeppelin, value: jdbc.keytab.location
 INFO  - key: zeppelin, value: jdbc.concurrent.use
 INFO  - key: zeppelin, value: jdbc.concurrent.max_connection
ERROR  - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

So I can confirm that it isn’t trying to grab the default.user, but I don’t see anything that indicates it is trying to use credentials… Also is that ERROR relevant? 

Paul Brenner
DATA SCIENTIST
<a dir="ltr" href="tel:(217)%20390-3033" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="0">(217) 390-3033  

PlaceIQ:Location Data Accuracy


On Sat, Apr 22, 2017 at 1:21 AM moon soo Lee <">moon soo Lee > wrote:
Hi,

Which version of Zeppelin are you using? Have you tried remove 'default.user' and 'default.password' property from interpreter menu and create entity in credential menu?

Thanks,
moon

On Fri, Apr 21, 2017 at 11:55 AM Paul Brenner <[hidden email]> wrote:
Are credentials confirmed working with the JDBC interpreter? I’m trying to get jdbc working with snowflake. If I hardcore my username and password into the default url everything works great… but this of course won’t work in a multi user environment.

However, if I try to use default username, default password, or zeppelin credentials I get stuck at "java.sql.SQLException: Missing user name.”

Sounds like a different issue than the OP.

Paul Brenner
DATA SCIENTIST
<a href="tel:(217)%20390-3033" value="+12173903033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Thu, Apr 20, 2017 at 8:49 PM moon soo Lee <[hidden email]> wrote:
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

moon
Administrator
Hmm that's strange. I can see 0.7.1 works as expected when I remove default.user/default.password and then set credential. Also i can set default.user, default.password without using credential menu and it works as expected as well.

Have you tried restart interpreter after create/update entity in credential menu? Credential does not apply until interpreter is restarted.

Thanks,
moon

On Sat, Apr 22, 2017 at 4:42 AM Paul Brenner <[hidden email]> wrote:
Using 0.7.1 and yes I tried removing default.user/default.password after setting my credentials in the credentials section. It did not work. 

I found that actually setting the correct value for default.user did not work either. Same error. It seems like the zeppelin jdbc interpreter is not passing the defined user and password to the snowflake jdbc connector. 

However, I also was unable to set the zeppelin.jdbc.auth.type. I saw it should be able to take “SIMPLE” or “KERBEROS” as a value. Either option results in "java.lang.ClassNotFoundException: org.apache.hadoop.security.UserGroupInformation$AuthenticationMethod”. I’m not sure if that is related.

One more question. Here is what I see in the log files:
 INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.auth.type INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: common, value: max_count INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.principal INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: interpreter.localRepo INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: url INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: driver INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.keytab.location INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.use INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.max_connection ERROR [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:177) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

To make that a bit more readable I can trim it down to…
 INFO  - key: zeppelin, value: jdbc.auth.type
 INFO  - key: common, value: max_count
 INFO  - key: zeppelin, value: jdbc.principal
 INFO  - key: zeppelin, value: interpreter.localRepo
 INFO  - key: default, value: url
 INFO  - key: default, value: driver
 INFO  - key: zeppelin, value: jdbc.keytab.location
 INFO  - key: zeppelin, value: jdbc.concurrent.use
 INFO  - key: zeppelin, value: jdbc.concurrent.max_connection
ERROR  - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

So I can confirm that it isn’t trying to grab the default.user, but I don’t see anything that indicates it is trying to use credentials… Also is that ERROR relevant? 

Paul Brenner
DATA SCIENTIST
<a dir="ltr" href="tel:(217)%20390-3033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy


On Sat, Apr 22, 2017 at 1:21 AM moon soo Lee <[hidden email]> wrote:
Hi,

Which version of Zeppelin are you using? Have you tried remove 'default.user' and 'default.password' property from interpreter menu and create entity in credential menu?

Thanks,
moon

On Fri, Apr 21, 2017 at 11:55 AM Paul Brenner <[hidden email]> wrote:
Are credentials confirmed working with the JDBC interpreter? I’m trying to get jdbc working with snowflake. If I hardcore my username and password into the default url everything works great… but this of course won’t work in a multi user environment.

However, if I try to use default username, default password, or zeppelin credentials I get stuck at "java.sql.SQLException: Missing user name.”

Sounds like a different issue than the OP.

Paul Brenner
DATA SCIENTIST
<a href="tel:(217)%20390-3033" value="+12173903033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Thu, Apr 20, 2017 at 8:49 PM moon soo Lee <[hidden email]> wrote:
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

Paul Brenner
I have restarted interpreter after creating the entity in credential menu. It still doesn’t work. I think that, because this issue occurs with both credentials and when I set default.user, it is somehow an issue with how the snowflake driver is connecting with zeppelin’s jdbc driver. I tried tracing through the code on both ends but didn’t see any obvious issues. The stack trace shows the path the information is trying to travel:

ava.sql.SQLException: Missing user name.
at net.snowflake.client.jdbc.SnowflakeConnectionV1.<init>(SnowflakeConnectionV1.java:209)
at net.snowflake.client.jdbc.SnowflakeDriver.connect(SnowflakeDriver.java:350)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:836)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:434)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:361)
at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:354)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:372)
at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:564)
at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:692)
at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:95)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:490)
at org.apache.zeppelin.scheduler.Job.run(Job.java:175)
at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)


So the user information looks like it should be passing out of the zeppelin jdbc interpreter into java.sql.DriverManager. Is that what is happening in the working version you are testing with? If I can hunt down any better information about how the user/pass is being passed to java.sql.DriverManager I might be able to get some help from the snowflake people… perhaps it is an issue on their side? 

I see the following in JDBCInterpreter.java:

 String user = interpreterContext.getAuthenticationInfo().getUser()

can I assume that is passing the proper user info to java.sql.DriverManager?
Paul Brenner
DATA SCIENTIST
(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Sat, Apr 22, 2017 at 11:16 PM moon soo Lee <">moon soo Lee > wrote:
Hmm that's strange. I can see 0.7.1 works as expected when I remove default.user/default.password and then set credential. Also i can set default.user, default.password without using credential menu and it works as expected as well.

Have you tried restart interpreter after create/update entity in credential menu? Credential does not apply until interpreter is restarted.

Thanks,
moon

On Sat, Apr 22, 2017 at 4:42 AM Paul Brenner <[hidden email]> wrote:
Using 0.7.1 and yes I tried removing default.user/default.password after setting my credentials in the credentials section. It did not work. 

I found that actually setting the correct value for default.user did not work either. Same error. It seems like the zeppelin jdbc interpreter is not passing the defined user and password to the snowflake jdbc connector. 

However, I also was unable to set the zeppelin.jdbc.auth.type. I saw it should be able to take “SIMPLE” or “KERBEROS” as a value. Either option results in "java.lang.ClassNotFoundException: org.apache.hadoop.security.UserGroupInformation$AuthenticationMethod”. I’m not sure if that is related.

One more question. Here is what I see in the log files:
 INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.auth.type INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: common, value: max_count INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.principal INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: interpreter.localRepo INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: url INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: driver INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.keytab.location INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.use INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.max_connection ERROR [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:177) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

To make that a bit more readable I can trim it down to…
 INFO  - key: zeppelin, value: jdbc.auth.type
 INFO  - key: common, value: max_count
 INFO  - key: zeppelin, value: jdbc.principal
 INFO  - key: zeppelin, value: interpreter.localRepo
 INFO  - key: default, value: url
 INFO  - key: default, value: driver
 INFO  - key: zeppelin, value: jdbc.keytab.location
 INFO  - key: zeppelin, value: jdbc.concurrent.use
 INFO  - key: zeppelin, value: jdbc.concurrent.max_connection
ERROR  - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

So I can confirm that it isn’t trying to grab the default.user, but I don’t see anything that indicates it is trying to use credentials… Also is that ERROR relevant? 

Paul Brenner
DATA SCIENTIST
<a dir="ltr" href="tel:(217)%20390-3033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy


On Sat, Apr 22, 2017 at 1:21 AM moon soo Lee <[hidden email]> wrote:
Hi,

Which version of Zeppelin are you using? Have you tried remove 'default.user' and 'default.password' property from interpreter menu and create entity in credential menu?

Thanks,
moon

On Fri, Apr 21, 2017 at 11:55 AM Paul Brenner <[hidden email]> wrote:
Are credentials confirmed working with the JDBC interpreter? I’m trying to get jdbc working with snowflake. If I hardcore my username and password into the default url everything works great… but this of course won’t work in a multi user environment.

However, if I try to use default username, default password, or zeppelin credentials I get stuck at "java.sql.SQLException: Missing user name.”

Sounds like a different issue than the OP.

Paul Brenner
DATA SCIENTIST
<a href="tel:(217)%20390-3033" value="+12173903033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Thu, Apr 20, 2017 at 8:49 PM moon soo Lee <[hidden email]> wrote:
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Data Source Authorization - JDBC Credential

moon
Administrator
I think actual user passed to JDBC driver is retrieved here  https://github.com/apache/zeppelin/blob/v0.7.1/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java#L322


On Tue, Apr 25, 2017 at 11:15 AM Paul Brenner <[hidden email]> wrote:
I have restarted interpreter after creating the entity in credential menu. It still doesn’t work. I think that, because this issue occurs with both credentials and when I set default.user, it is somehow an issue with how the snowflake driver is connecting with zeppelin’s jdbc driver. I tried tracing through the code on both ends but didn’t see any obvious issues. The stack trace shows the path the information is trying to travel:

ava.sql.SQLException: Missing user name.
at net.snowflake.client.jdbc.SnowflakeConnectionV1.<init>(SnowflakeConnectionV1.java:209)
at net.snowflake.client.jdbc.SnowflakeDriver.connect(SnowflakeDriver.java:350)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:836)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:434)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:361)
at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:354)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:372)
at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:564)
at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:692)
at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:95)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:490)
at org.apache.zeppelin.scheduler.Job.run(Job.java:175)
at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)


So the user information looks like it should be passing out of the zeppelin jdbc interpreter into java.sql.DriverManager. Is that what is happening in the working version you are testing with? If I can hunt down any better information about how the user/pass is being passed to java.sql.DriverManager I might be able to get some help from the snowflake people… perhaps it is an issue on their side? 

I see the following in JDBCInterpreter.java:

 String user = interpreterContext.getAuthenticationInfo().getUser()

can I assume that is passing the proper user info to java.sql.DriverManager?
Paul Brenner
DATA SCIENTIST
<a href="tel:(217)%20390-3033" value="+12173903033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Sat, Apr 22, 2017 at 11:16 PM moon soo Lee <[hidden email]> wrote:
Hmm that's strange. I can see 0.7.1 works as expected when I remove default.user/default.password and then set credential. Also i can set default.user, default.password without using credential menu and it works as expected as well.

Have you tried restart interpreter after create/update entity in credential menu? Credential does not apply until interpreter is restarted.

Thanks,
moon

On Sat, Apr 22, 2017 at 4:42 AM Paul Brenner <[hidden email]> wrote:
Using 0.7.1 and yes I tried removing default.user/default.password after setting my credentials in the credentials section. It did not work. 

I found that actually setting the correct value for default.user did not work either. Same error. It seems like the zeppelin jdbc interpreter is not passing the defined user and password to the snowflake jdbc connector. 

However, I also was unable to set the zeppelin.jdbc.auth.type. I saw it should be able to take “SIMPLE” or “KERBEROS” as a value. Either option results in "java.lang.ClassNotFoundException: org.apache.hadoop.security.UserGroupInformation$AuthenticationMethod”. I’m not sure if that is related.

One more question. Here is what I see in the log files:
 INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.auth.type INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: common, value: max_count INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.principal INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: interpreter.localRepo INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: url INFO [2017-04-22 11:37:48,598] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: default, value: driver INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.keytab.location INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.use INFO [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:159) - key: zeppelin, value: jdbc.concurrent.max_connection ERROR [2017-04-22 11:37:48,601] ({pool-2-thread-2} JDBCInterpreter.java[open]:177) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

To make that a bit more readable I can trim it down to…
 INFO  - key: zeppelin, value: jdbc.auth.type
 INFO  - key: common, value: max_count
 INFO  - key: zeppelin, value: jdbc.principal
 INFO  - key: zeppelin, value: interpreter.localRepo
 INFO  - key: default, value: url
 INFO  - key: default, value: driver
 INFO  - key: zeppelin, value: jdbc.keytab.location
 INFO  - key: zeppelin, value: jdbc.concurrent.use
 INFO  - key: zeppelin, value: jdbc.concurrent.max_connection
ERROR  - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.

So I can confirm that it isn’t trying to grab the default.user, but I don’t see anything that indicates it is trying to use credentials… Also is that ERROR relevant? 

Paul Brenner
DATA SCIENTIST
<a dir="ltr" href="tel:(217)%20390-3033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy


On Sat, Apr 22, 2017 at 1:21 AM moon soo Lee <[hidden email]> wrote:
Hi,

Which version of Zeppelin are you using? Have you tried remove 'default.user' and 'default.password' property from interpreter menu and create entity in credential menu?

Thanks,
moon

On Fri, Apr 21, 2017 at 11:55 AM Paul Brenner <[hidden email]> wrote:
Are credentials confirmed working with the JDBC interpreter? I’m trying to get jdbc working with snowflake. If I hardcore my username and password into the default url everything works great… but this of course won’t work in a multi user environment.

However, if I try to use default username, default password, or zeppelin credentials I get stuck at "java.sql.SQLException: Missing user name.”

Sounds like a different issue than the OP.

Paul Brenner
DATA SCIENTIST
<a href="tel:(217)%20390-3033" value="+12173903033" target="_blank">(217) 390-3033  

PlaceIQ:Location Data Accuracy

On Thu, Apr 20, 2017 at 8:49 PM moon soo Lee <[hidden email]> wrote:
Hi,

If you remove 

'default.user'
'default.password'

properties from jdbc interpreter setting, then Zeppelin will use database username and password from credential database for each user.

I also created a patch [1] to use credential database when 'default'.user' and 'default.password' is empty string.

Hope this helps.

Best,
moon


On Mon, Apr 10, 2017 at 3:37 AM Arpad Beregszaszi <[hidden email]> wrote:

Hi all,

 

I’m pretty new with Zeppeln and I need help with one problem regarding data source authorization as its described here:

 

https://zeppelin.apache.org/docs/0.7.0/security/datasource_authorization.html

 

I can successfully connect Zeppelin to my MySQL Server. Now I want to give different users access to their databases.

For that I want the JDBC interpreter to use different database credentials, depending on the Zeppelin user as defined in shiro.ini.

But when I create credential information, the JDBC interpreter doesn’t use them for the db connection, but the default username and password, which is empty.

My Interpreter Is instantiated per user.

 

Java.sql.SQLException: Access denied for user ‘ ‘ @ ‘IP‘ (using password: NO)

 

Anyone an idea of whats wrong?

Thanks, Arpad

 

 

 

 

 

 

 

 

 

 




Loading...