[
https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13961267#comment-13961267
]
Harish Butani commented on HIVE-6738:
-------------------------------------
+1 for 0.13
> HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying
> intermediary
> ----------------------------------------------------------------------------------------
>
> Key: HIVE-6738
> URL: https://issues.apache.org/jira/browse/HIVE-6738
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Affects Versions: 0.13.0
> Reporter: Dilli Arumugam
> Assignee: Dilli Arumugam
> Fix For: 0.13.0
>
> Attachments: HIVE-6738.1.patch, HIVE-6738.patch,
> hive-6738-req-impl-verify-rev1.md, hive-6738-req-impl-verify.md
>
>
> See already implemented JIra
> https://issues.apache.org/jira/browse/HIVE-5155
> Support secure proxy user access to HiveServer2
> That fix expects the hive.server2.proxy.user parameter to come in Thrift body.
> When an intermediary gateway like Apache Knox is authenticating the end
> client and then proxying the request to HiveServer2, it is not practical for
> the intermediary like Apache Knox to modify thrift content.
> Intermediary like Apache Knox should be able to assert doAs in a query
> parameter. This paradigm is already established by other Hadoop ecosystem
> components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be
> aligned with them.
> The doAs asserted in query parameter should override if doAs specified in
> Thrift body.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
