[
https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dilli Arumugam updated HIVE-6738:
---------------------------------
Attachment: HIVE-6738.patch
Patch implementing the enhancement.
This has to go in after the patch for HIVE-6697 that is pending in queue is
merged.
> HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying
> intermediary
> ----------------------------------------------------------------------------------------
>
> Key: HIVE-6738
> URL: https://issues.apache.org/jira/browse/HIVE-6738
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Reporter: Dilli Arumugam
> Assignee: Dilli Arumugam
> Attachments: HIVE-6738.patch, hive-6738-req-impl-verify.md
>
>
> See already implemented JIra
> https://issues.apache.org/jira/browse/HIVE-5155
> Support secure proxy user access to HiveServer2
> That fix expects the hive.server2.proxy.user parameter to come in Thrift body.
> When an intermediary gateway like Apache Knox is authenticating the end
> client and then proxying the request to HiveServer2, it is not practical for
> the intermediary like Apache Knox to modify thrift content.
> Intermediary like Apache Knox should be able to assert doAs in a query
> parameter. This paradigm is already established by other Hadoop ecosystem
> components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be
> aligned with them.
> The doAs asserted in query parameter should override if doAs specified in
> Thrift body.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
