g3rg0 commented on code in PR #4774:
URL: https://github.com/apache/hive/pull/4774#discussion_r1349686711
##########
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java:
##########
@@ -283,7 +283,7 @@ protected void doPost(HttpServletRequest request,
HttpServletResponse response)
}
// Send a 401 to the client
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- if(isAuthTypeEnabled(request, HiveAuthConstants.AuthTypes.KERBEROS)) {
+ if(authType.isEnabled(HiveAuthConstants.AuthTypes.KERBEROS)) {
Review Comment:
> The `SpnegoAuthInterceptor` will go for Kerberos authentication only when
Knox enables the Kerberos, so if the HS2 is Kerberos based, the auth will be
success finally. For other cases without the gateway, the `e` should not be an
instance of `HttpEmptyAuthenticationException`, so we don't add the extra
header to the response.
>
> What do you think?
Makes sense to me. I've updated the code with your suggestion and also added
a new unit test to check this behavior.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
