commit d18ba1c1ffb6ca4271c269f1a8b257d65391ff54 Author: Thejas Nair Date: Sat Jun 13 15:49:38 2015 -0700 get doas user for cookie mode diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index 37b6d6f..540bafd 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -338,6 +338,9 @@ public SessionState(HiveConf conf) { public SessionState(HiveConf conf, String userName) { this.conf = conf; this.userName = userName; + if (LOG.isDebugEnabled()) { + LOG.debug("SessionState user: " + userName); + } isSilent = conf.getBoolVar(HiveConf.ConfVars.HIVESESSIONSILENT); ls = new LineageState(); resourceMaps = new ResourceMaps(); diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java index e1166d3..56c8cb6 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java @@ -134,11 +134,6 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) // For a kerberos setup if (isKerberosAuthMode(authType)) { clientUserName = doKerberosAuth(request); - String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); - - if (doAsQueryParam != null) { - SessionManager.setProxyUserName(doAsQueryParam); - } } // For password based authentication else { @@ -146,8 +141,16 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } } LOG.debug("Client username: " + clientUserName); + // Set the thread local username to be used for doAs if true SessionManager.setUserName(clientUserName); + + // find proxy user if any from query param + String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); + if (doAsQueryParam != null) { + SessionManager.setProxyUserName(doAsQueryParam); + } + clientIpAddress = request.getRemoteAddr(); LOG.debug("Client IP Address: " + clientIpAddress); // Set the thread local ip address @@ -225,7 +228,7 @@ private String getClientNameFromCookie(Cookie[] cookies) { LOG.debug("Validated the cookie for user " + userName); } return userName; - } + } } // No valid HS2 generated cookies found, return null return null; @@ -522,6 +525,9 @@ private boolean isKerberosAuthMode(String authType) { } private static String getDoAsQueryParam(String queryString) { + if (LOG.isDebugEnabled()) { + LOG.debug("URL query string:" + queryString); + } if (queryString == null) { return null; }