[
https://issues.apache.org/jira/browse/HIVE-6800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13961227#comment-13961227
]
Thejas M Nair commented on HIVE-6800:
-------------------------------------
There is a thread safety issue here, ProxyUsers uses HashMap internally, and
refreshSuperUserGroupsConfiguration updates the hashmaps. If it gets updated
from two places, it could result in issues like getting stuck in an infinite
loop.
Also, when one thread is calling ProxyUsers.authorize, another thread might
clear the hashmap entries as it enters
ProxyUsers.refreshSuperUserGroupsConfiguration.
refreshSuperUserGroupsConfiguration also looks like an expensive operation. I
think we would be better to do it just once from HadoopShimsSecure .
> HiveServer2 is not passing proxy user setting through hive-site
> ---------------------------------------------------------------
>
> Key: HIVE-6800
> URL: https://issues.apache.org/jira/browse/HIVE-6800
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 0.13.0
> Reporter: Vaibhav Gumashta
> Assignee: Vaibhav Gumashta
> Fix For: 0.13.0
>
> Attachments: HIVE-6800.1.patch
>
>
> Setting the following in core-site.xml works fine in a secure cluster with
> hive.server2.allow.user.substitution set to true:
> {code}
> <property>
> <name>hadoop.proxyuser.user1.groups</name>
> <value>users</value>
> </property>
>
> <property>
> <name>hadoop.proxyuser.user1.hosts</name>
> <value>*</value>
> </property>
> {code}
> where user1 will be proxying for user2:
> {code}
> !connect
> jdbc:hive2:/myhostname:10000/;principal=hive/_h...@example.com;hive.server2.proxy.user=user2
> user1 fakepwd org.apache.hive.jdbc.HiveDriver
> {code}
> However, setting this in hive-site.xml throws "Failed to validate proxy
> privilage" exception.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
