diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java index d21e936..462741e 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java @@ -211,9 +211,13 @@ private String getIpAddress() { private String getUserName(TOpenSessionReq req) throws HiveSQLException { String userName; if (hiveAuthFactory != null - && hiveAuthFactory.getRemoteUser() != null) { + && hiveAuthFactory.getRemoteUser() != null + && !cliService.getHiveConf().getVar( + ConfVars.HIVE_SERVER2_TRANSPORT_MODE).equalsIgnoreCase("http")) { userName = hiveAuthFactory.getRemoteUser(); } else { + // In case of http transport mode, we set the thread local username, + // while handling each request (in ThriftHttpServlet). userName = SessionManager.getUserName(); } if (userName == null) { @@ -241,13 +245,6 @@ SessionHandle getSessionHandle(TOpenSessionReq req, TOpenSessionResp res) if (cliService.getHiveConf().getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS) && (userName != null)) { String delegationTokenStr = null; - // In case of http transport mode, we set the thread local username, - // while handling each request (in ThriftHttpServlet), - // since SASL layer is not used in HTTP Kerberos. - if (cliService.getHiveConf().getVar( - ConfVars.HIVE_SERVER2_TRANSPORT_MODE).equalsIgnoreCase("http")) { - userName = SessionManager.getUserName(); - } try { delegationTokenStr = cliService.getDelegationTokenFromMetaStore(userName); } catch (UnsupportedOperationException e) { diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index 4555844..255a165 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -83,11 +83,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) // Set the thread local username to be used for doAs if true SessionManager.setUserName(clientUserName); - super.doPost(request, response); - - // Clear the thread local username since we set it in each http request - SessionManager.clearUserName(); } catch (HttpAuthenticationException e) { // Send a 403 to the client @@ -97,6 +93,10 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) // Send the response back to the client response.getWriter().println("Authentication Error: " + e.getMessage()); } + finally { + // Clear the thread local username since we set it in each http request + SessionManager.clearUserName(); + } } /**