[HIVE-6738] HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.13.0
Fix Version/s: 0.13.0
Component/s: HiveServer2
Labels:
None

Hadoop Flags:

Reviewed

Description

See already implemented JIra
https://issues.apache.org/jira/browse/HIVE-5155
Support secure proxy user access to HiveServer2

That fix expects the hive.server2.proxy.user parameter to come in Thrift body.

When an intermediary gateway like Apache Knox is authenticating the end client and then proxying the request to HiveServer2, it is not practical for the intermediary like Apache Knox to modify thrift content.

Intermediary like Apache Knox should be able to assert doAs in a query parameter. This paradigm is already established by other Hadoop ecosystem components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be aligned with them.

The doAs asserted in query parameter should override if doAs specified in Thrift body.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

hive-6738-req-impl-verify.md
27/Mar/14 00:02
4 kB
Dilli Arumugam
HIVE-6738.patch
27/Mar/14 00:04
6 kB
Dilli Arumugam
hive-6738-req-impl-verify-rev1.md
27/Mar/14 14:00
4 kB
Dilli Arumugam
HIVE-6738.1.patch
28/Mar/14 21:09
6 kB
Dilli Arumugam

Issue Links

blocks

HIVE-6837 HiveServer2 thrift/http mode & binary mode proxy user check fails reporting IP null for client

Resolved

is related to

HIVE-6625 HiveServer2 running in http mode should support trusted proxy access

Resolved

HIVE-5155 Support secure proxy user access to HiveServer2

Resolved

HIVE-6697 HiveServer2 secure thrift/http authentication needs to support SPNego

Resolved

links to

Review Board

Activity

People

Assignee:: Dilli Arumugam

Reporter:: Dilli Arumugam

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 25/Mar/14 00:25

Updated:: 06/Apr/14 07:35

Resolved:: 05/Apr/14 23:29