[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951261#comment-13951261 ]
Dilli Arumugam commented on HIVE-6738: -------------------------------------- Thanks Thejas for the review. Would revise code to accommodate for both comments. Then, attach a new patch. > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > ---------------------------------------------------------------------------------------- > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 > Reporter: Dilli Arumugam > Assignee: Dilli Arumugam > Attachments: HIVE-6738.patch, hive-6738-req-impl-verify-rev1.md, > hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)