Author: khorgath
Date: Thu May 8 23:35:15 2014
New Revision: 1593460
URL: http://svn.apache.org/r1593460
Log:
HIVE-6957 : SQL authorization does not work with HS2 binary mode and Kerberos
auth (Thejas Nair, reviewed by Vaibhav Gumashta)
(from
https://issues.apache.org/jira/secure/attachment/12641964/HIVE-6957.04-branch.0.13.patch)
Modified:
hive/branches/branch-0.13/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
Modified:
hive/branches/branch-0.13/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.13/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java?rev=1593460&r1=1593459&r2=1593460&view=diff
==============================================================================
---
hive/branches/branch-0.13/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
(original)
+++
hive/branches/branch-0.13/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
Thu May 8 23:35:15 2014
@@ -609,6 +609,7 @@ public class HadoopThriftAuthBridge20S e
clientUgi = UserGroupInformation.createProxyUser(
endUser, UserGroupInformation.getLoginUser());
remoteUser.set(clientUgi.getShortUserName());
+ LOG.debug("Set remoteUser :" + remoteUser.get());
return clientUgi.doAs(new PrivilegedExceptionAction<Boolean>() {
@Override
public Boolean run() {
@@ -620,7 +621,10 @@ public class HadoopThriftAuthBridge20S e
}
});
} else {
- remoteUser.set(endUser);
+ // use the short user name for the request
+ UserGroupInformation endUserUgi =
UserGroupInformation.createRemoteUser(endUser);
+ remoteUser.set(endUserUgi.getShortUserName());
+ LOG.debug("Set remoteUser :" + remoteUser.get() + ", from endUser
:" + endUser);
return wrapped.process(inProt, outProt);
}
} catch (RuntimeException rte) {
