-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/
-----------------------------------------------------------
Review request for Ambari, Attila Doroszlai, Henning Kropp, and Robert Levas.


Bugs: AMBARI-20760
    https://issues.apache.org/jira/browse/AMBARI-20760


Repository: ambari


Description
-------

After setting up PAM, tried to log in as PAM user and access hive view, user home test fails with the error as in screenshot.

This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was not incorporated in the code. Pasting the comment from Henning below.

Something we noticed is that in a secured cluster we have issues with the views, getting the following exception for the Hive view as an example:

    Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to validate proxy privilege of ambari for org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119:33:32, ..... sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of ambari for org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119), serverProtocolVersion:null)

As you can see it tries to impersonate "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119:33:32". Changing the UsernamePasswordAuthenticationToken from Principal to username fixes this.

So instead of:

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, null, userAuthorities);

We use:

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUserName(), null, userAuthorities);

What could potentially also work is overriding toString of the principal like:

    Principal principal = new Principal() {
        @Override
        public String getName() {
            return user.getUserName();
        }

        @Override
        public String toString() {
            return user.getUserName().toString();
        }
    };

We did not test this!


Testing
-------

Ran mvn test and also manually tested the scenario


Thanks,

Anita Jebaraj
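
The failure described above, as an added example that is not part of the original review request or Ambari's code: an anonymous Principal without a toString() override stringifies to its class name and hash, while getName() returns the user name, so a consumer that stringifies the token's principal ends up with an identity that is not an account name. It uses only java.security.Principal; PrincipalNameDemo, naiveName, resolveName, the account-name pattern and the user "pamuser" are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not Ambari code.
public class PrincipalNameDemo {

    // Constructed rule for an acceptable account name (an assumption, adjust per site).
    private static final Pattern ACCOUNT = Pattern.compile("[A-Za-z_][A-Za-z0-9_.-]{0,63}");

    // What a consumer effectively does when it stringifies whatever the token holds.
    static String naiveName(Object principal) {
        return String.valueOf(principal);
    }

    // Defensive resolution: use getName() for Principal objects and refuse
    // anything that does not look like an account name before it is used
    // as the identity to impersonate.
    static String resolveName(Object principal) {
        String name = (principal instanceof Principal)
                ? ((Principal) principal).getName()
                : String.valueOf(principal);
        if (name == null || !ACCOUNT.matcher(name).matches()) {
            throw new IllegalArgumentException("not a usable account name: " + name);
        }
        return name;
    }

    public static void main(String[] args) {
        final String userName = "pamuser"; // constructed sample value

        // Anonymous Principal without toString(), as in the failing case.
        Principal anonymous = new Principal() {
            @Override
            public String getName() {
                return userName;
            }
        };

        System.out.println("naive, Principal object : " + naiveName(anonymous));
        System.out.println("naive, plain user name  : " + naiveName(userName));
        System.out.println("resolved, Principal     : " + resolveName(anonymous));

        try {
            resolveName(new Object()); // default Object.toString() form, contains '@'
        } catch (IllegalArgumentException e) {
            System.out.println("rejected                : " + e.getMessage());
        }
    }
}
```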