[ https://issues.apache.org/jira/browse/PHOENIX-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16065599#comment-16065599 ]
ASF GitHub Bot commented on PHOENIX-3598: ----------------------------------------- Github user Wancy commented on a diff in the pull request: https://github.com/apache/phoenix/pull/265#discussion_r124413815 --- Diff: phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java --- @@ -273,6 +282,54 @@ public int run(String[] args) throws Exception { } } + // add remoteUserExtractor to builder if enabled + @VisibleForTesting + public void setRemoteUserExtractorIfNecessary(HttpServer.Builder builder, Configuration conf) { + if (conf.getBoolean(QueryServices.QUERY_SERVER_WITH_REMOTEUSEREXTRACTOR_ATTRIB, + QueryServicesOptions.DEFAULT_QUERY_SERVER_WITH_REMOTEUSEREXTRACTOR)) { + builder.withRemoteUserExtractor(new PhoenixRemoteUserExtractor(conf)); + } + } + + /** + * Use the correctly way to extract end user. + */ + + static class PhoenixRemoteUserExtractor implements RemoteUserExtractor{ + private final HttpQueryStringParameterRemoteUserExtractor paramRemoteUserExtractor; + private final HttpRequestRemoteUserExtractor requestRemoteUserExtractor; + private final String userExtractParam; + + public PhoenixRemoteUserExtractor(Configuration conf) { + this.requestRemoteUserExtractor = new HttpRequestRemoteUserExtractor(); + this.userExtractParam = conf.get(QueryServices.QUERY_SERVER_REMOTEUSEREXTRACTOR_PARAM, + QueryServicesOptions.DEFAULT_QUERY_SERVER_REMOTEUSEREXTRACTOR_PARAM); + this.paramRemoteUserExtractor = new HttpQueryStringParameterRemoteUserExtractor(userExtractParam); + } + + @Override + public String extract(HttpServletRequest request) throws RemoteUserExtractionException { + if (request.getParameter(userExtractParam) != null) { + String extractedUser = paramRemoteUserExtractor.extract(request); + UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser()); + UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(extractedUser, ugi); --- End diff -- Hi @joshelser, I think I understand your concern of the edge cases. I originally wanna add it just for kerberos cases, but I thought user extract could be extended to simple auth as well in the future, but seems a lot more work needs to be done than I thought. Also like you said most people just want point1. I think for this jira just add it for the kerberos case is more practical. > Enable proxy access to Phoenix query server for third party on behalf of end > users > ---------------------------------------------------------------------------------- > > Key: PHOENIX-3598 > URL: https://issues.apache.org/jira/browse/PHOENIX-3598 > Project: Phoenix > Issue Type: Improvement > Reporter: Jerry He > Assignee: Shi Wang > Attachments: 0001-PHOENIX-3598.patch > > > This JIRA tracks the follow-on work of CALCITE-1539 needed on Phoenix query > server side. -- This message was sent by Atlassian JIRA (v6.4.14#64029)