[
https://issues.apache.org/jira/browse/PHOENIX-4168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16155917#comment-16155917
]
Josh Elser commented on PHOENIX-4168:
-------------------------------------
Thanks for the ping, James!
[~alexaraujo], letting these RemoteUserExtractors be pluggable was definitely a
design goal (and custom implementations would be awesome!). If you have the
motivation to build some implementations for x509 (or other things), I'd love
to help shepherd those into Avatica as well for others to re-use.
That said, this seems like a nice, straightforward change to PQS that hooks
into Phoenix's existing InstanceResolver class with a test class! +1 pending QA
One minor nit:
{code}
+ Assert.assertTrue(extractor instanceof
QueryServer.PhoenixRemoteUserExtractor);
{code}
It would be nice to include an error message on this call that informs us what
kind of object {{extractor}} actually was.
Looking forward to seeing what else you have in mind to build on top of this :)
> Pluggable Remote User Extraction for Phoenix Query Server
> ---------------------------------------------------------
>
> Key: PHOENIX-4168
> URL: https://issues.apache.org/jira/browse/PHOENIX-4168
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Alex Araujo
> Assignee: Alex Araujo
> Priority: Minor
> Attachments: PHOENIX-4168.v1.patch
>
>
> PQS supports impersonation by pulling a user's identity from an HTTP
> parameter. Make this pluggable to allow other forms of extraction (for
> example, pulling the identity out of an X509Certificate).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
