[
https://issues.apache.org/jira/browse/PHOENIX-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16065615#comment-16065615
]
ASF GitHub Bot commented on PHOENIX-3598:
-----------------------------------------
Github user joshelser commented on a diff in the pull request:
https://github.com/apache/phoenix/pull/265#discussion_r124414777
--- Diff:
phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
---
@@ -273,6 +282,54 @@ public int run(String[] args) throws Exception {
}
}
+ // add remoteUserExtractor to builder if enabled
+ @VisibleForTesting
+ public void setRemoteUserExtractorIfNecessary(HttpServer.Builder
builder, Configuration conf) {
+ if
(conf.getBoolean(QueryServices.QUERY_SERVER_WITH_REMOTEUSEREXTRACTOR_ATTRIB,
+
QueryServicesOptions.DEFAULT_QUERY_SERVER_WITH_REMOTEUSEREXTRACTOR)) {
+ builder.withRemoteUserExtractor(new
PhoenixRemoteUserExtractor(conf));
+ }
+ }
+
+ /**
+ * Use the correctly way to extract end user.
+ */
+
+ static class PhoenixRemoteUserExtractor implements RemoteUserExtractor{
+ private final HttpQueryStringParameterRemoteUserExtractor
paramRemoteUserExtractor;
+ private final HttpRequestRemoteUserExtractor
requestRemoteUserExtractor;
+ private final String userExtractParam;
+
+ public PhoenixRemoteUserExtractor(Configuration conf) {
+ this.requestRemoteUserExtractor = new
HttpRequestRemoteUserExtractor();
+ this.userExtractParam =
conf.get(QueryServices.QUERY_SERVER_REMOTEUSEREXTRACTOR_PARAM,
+
QueryServicesOptions.DEFAULT_QUERY_SERVER_REMOTEUSEREXTRACTOR_PARAM);
+ this.paramRemoteUserExtractor = new
HttpQueryStringParameterRemoteUserExtractor(userExtractParam);
+ }
+
+ @Override
+ public String extract(HttpServletRequest request) throws
RemoteUserExtractionException {
+ if (request.getParameter(userExtractParam) != null) {
+ String extractedUser = paramRemoteUserExtractor.extract(request);
+ UserGroupInformation ugi =
UserGroupInformation.createRemoteUser(request.getRemoteUser());
+ UserGroupInformation proxyUser =
UserGroupInformation.createProxyUser(extractedUser, ugi);
--- End diff --
Agreed! I think the work you've put in would be nice to support for the
non-Kerberos case, but let's not hold up this change for that.
I will try to write up a test case for PQS (mini-hbase, mini-kdc, and PQS)
to validate your changes here before I commit.
> Enable proxy access to Phoenix query server for third party on behalf of end
> users
> ----------------------------------------------------------------------------------
>
> Key: PHOENIX-3598
> URL: https://issues.apache.org/jira/browse/PHOENIX-3598
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Jerry He
> Assignee: Shi Wang
> Attachments: 0001-PHOENIX-3598.patch
>
>
> This JIRA tracks the follow-on work of CALCITE-1539 needed on Phoenix query
> server side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
