Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-13867

restore HiveAuthorizer interface changes

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 2.1.0
    • 2.1.0
    • None
    • None

    Description

      TLDR: Some of the changes to hive authorizer interface made as part of HIVE-13360 are inappropriate and need to be restored.

      Regarding the move of ip address from the query context object (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place for it.​
      In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 , every request for single session does not have to come via a single IP address.
      Current assumption in hive code base is that the IP address is valid for the entire session. This might not hold true for ever.
      A limitation in HS2 that it holds state for the session would currently force the user configure proxies and knox to remember which next Host it was using, because they need to have state to remember the HS2 instance to be used! But that is a limitation that ideally goes away some day, and when that happens, HiveAuthzContext would be the right place for keeping the IP address!

      Attachments

        1. HIVE-13867.1.patch
          37 kB
          Thejas Nair

        Issue Links

          is related to

          Sub-task - The sub-task of the issue HIVE-13360 Refactoring Hive Authorization

          • Major - Major loss of function.
          • Closed

          Activity

            People

              thejas Thejas Nair
              thejas Thejas Nair
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: