hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dilli Arumugam (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
Date Thu, 27 Mar 2014 00:06:14 GMT

     [ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dilli Arumugam updated HIVE-6738:
---------------------------------

    Attachment: HIVE-6738.patch

Patch implementing the enhancement.
This has to go in after the patch for HIVE-6697 that is pending in queue is merged.


> HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
> ----------------------------------------------------------------------------------------
>
>                 Key: HIVE-6738
>                 URL: https://issues.apache.org/jira/browse/HIVE-6738
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2
>            Reporter: Dilli Arumugam
>            Assignee: Dilli Arumugam
>         Attachments: HIVE-6738.patch, hive-6738-req-impl-verify.md
>
>
> See already implemented JIra
>  https://issues.apache.org/jira/browse/HIVE-5155
> Support secure proxy user access to HiveServer2
> That fix expects the hive.server2.proxy.user parameter to come in Thrift body.
> When an intermediary gateway like Apache Knox is authenticating the end client and then
proxying the request to HiveServer2,  it is not practical for the intermediary like Apache
Knox to modify thrift content.
> Intermediary like Apache Knox should be able to assert doAs in a query parameter. This
paradigm is already established by other Hadoop ecosystem components like WebHDFS, WebHCat,
Oozie and HBase and Hive needs to be aligned with them.
> The doAs asserted in query parameter should override if doAs specified in Thrift body.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message