----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13845/#review36906 -----------------------------------------------------------
service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java <https://reviews.apache.org/r/13845/#comment68096> In case of a non-kerberos setup, this will do a doAs twice: one time using TUGIContainingProcessor and the second time at the session level. Actually getting rid of doAs at thrift processor level is a good idea since it ensures proper cleanup, but it might involve more work. HIVE-6312 aims to do that (patch available). I'm not sure if doing doAs twice will lead to any new issues (I don't think so). - Vaibhav Gumashta On March 10, 2014, 6:39 p.m., Prasad Mujumdar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/13845/ > ----------------------------------------------------------- > > (Updated March 10, 2014, 6:39 p.m.) > > > Review request for hive, Brock Noland, Carl Steinbach, and Thejas Nair. > > > Bugs: HIVE-5155 > https://issues.apache.org/jira/browse/HIVE-5155 > > > Repository: hive-git > > > Description > ------- > > Delegation token support - > Enable delegation token connection for HiveServer2 > Enhance the TCLIService interface to support delegation token requests > Support passing the delegation token connection type via JDBC URL and Beeline > option > > Direct proxy access - > Define new proxy user property > Shim interfaces to validate proxy access for a given user > > Note that the diff doesn't include thrift generated code. > > > Diffs > ----- > > beeline/pom.xml 02bfaaa > beeline/src/java/org/apache/hive/beeline/BeeLine.java e63a3b0 > beeline/src/java/org/apache/hive/beeline/BeeLineOpts.java 91e20ec > beeline/src/java/org/apache/hive/beeline/Commands.java d2d7fd3 > beeline/src/java/org/apache/hive/beeline/DatabaseConnection.java 94178ef > beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java PRE-CREATION > common/src/java/org/apache/hadoop/hive/conf/HiveConf.java edc3d38 > conf/hive-default.xml.template a5a85b4 > data/files/ProxyAuth.res PRE-CREATION > itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java > 8210e75 > jdbc/src/java/org/apache/hadoop/hive/jdbc/HiveConnection.java d08e05b > jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java 607fc7a > jdbc/src/java/org/apache/hive/jdbc/Utils.java 608837e > service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java d8ba3aa > service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java > 71dc592 > service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java 15b1675 > service/src/java/org/apache/hive/service/cli/CLIService.java 2b1e712 > service/src/java/org/apache/hive/service/cli/CLIServiceClient.java b9d1489 > service/src/java/org/apache/hive/service/cli/EmbeddedCLIServiceClient.java > a31ea94 > service/src/java/org/apache/hive/service/cli/ICLIService.java 621d689 > service/src/java/org/apache/hive/service/cli/session/HiveSession.java > c8fb8ec > service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java > d6d0d27 > > service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java > b934ebe > service/src/java/org/apache/hive/service/cli/session/SessionManager.java > cec3b04 > service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java > 26bda5a > > service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIServiceClient.java > 3675e86 > service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java > 8fa4afd > service/src/test/org/apache/hive/service/cli/session/TestSessionHooks.java > 2fac800 > shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java > 51c8051 > > shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java > e205caa > > shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java > 29114f0 > > shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java > dc89de1 > shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java > e15ab4e > > shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java > 03f4e51 > > Diff: https://reviews.apache.org/r/13845/diff/ > > > Testing > ------- > > Since this requires kerberos setup, its tested by a standalone test program > that runs various existing and new secure connection scenarios. The test code > is attached to the ticket at > https://issues.apache.org/jira/secure/attachment/12600119/ProxyAuth.java > > > Thanks, > > Prasad Mujumdar > >