[jira] [Commented] (PHOENIX-3598) Enable proxy access to Phoenix query server for third party on behalf of end users

Mon, 26 Jun 2017 13:34:40 -0700 

    [ 
https://issues.apache.org/jira/browse/PHOENIX-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16063730#comment-16063730
 ] 

ASF GitHub Bot commented on PHOENIX-3598:
-----------------------------------------

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/265#discussion_r124112286
  
    --- Diff: 
phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
 ---
    @@ -274,6 +282,47 @@ public int run(String[] args) throws Exception {
       }
     
       /**
    +   * Use the correctly way to extract end user.
    +   */
    +
    +  static class PhoenixRemoteUserExtractor implements RemoteUserExtractor{
    +    private final HttpQueryStringParameterRemoteUserExtractor 
paramRemoteUserExtractor;
    +    private final HttpRequestRemoteUserExtractor 
requestRemoteUserExtractor;
    +    private final boolean enableDoAs;
    +    private final String doAsParam;
    +
    +    public PhoenixRemoteUserExtractor(Configuration conf) {
    +      this.requestRemoteUserExtractor = new 
HttpRequestRemoteUserExtractor();
    +      this.doAsParam = conf.get(QueryServices.QUERY_SERVER_DOAS_PARAM,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_DOAS_PARAM);
    +      this.paramRemoteUserExtractor = new 
HttpQueryStringParameterRemoteUserExtractor(doAsParam);
    +      this.enableDoAs = 
conf.getBoolean(QueryServices.QUERY_SERVER_DOAS_ENABLED_ATTRIB,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_DOAS_ENABLED);
    +    }
    +
    +    @Override
    +    public String extract(HttpServletRequest request) throws 
RemoteUserExtractionException {
    +      if (request.getParameter(doAsParam) != null && enableDoAs) {
    +        String doAsUser = paramRemoteUserExtractor.extract(request);
    +        UserGroupInformation ugi = 
UserGroupInformation.createRemoteUser(request.getRemoteUser());
    +        UserGroupInformation proxyUser = 
UserGroupInformation.createProxyUser(doAsUser, ugi);
    +
    +        // Check if this user is allowed to be impersonated.
    +        // Will throw AuthorizationException if the impersonation as this 
user is not allowed
    +        try {
    +          ProxyUsers.authorize(proxyUser, request.getRemoteAddr());
    +          return doAsUser;
    +        } catch (AuthorizationException e) {
    +          throw new RemoteUserExtractionException(e.getMessage());
    --- End diff --
    
    Can the exception be passed into the RemoteUserExtractionException instead 
of just the message? (to preserve the stack trace)


> Enable proxy access to Phoenix query server for third party on behalf of end 
> users
> ----------------------------------------------------------------------------------
>
>                 Key: PHOENIX-3598
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3598
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Jerry He
>            Assignee: Shi Wang
>         Attachments: 0001-PHOENIX-3598.patch
>
>
> This JIRA tracks the follow-on work of CALCITE-1539 needed on Phoenix query 
> server side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to