hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-13418) HiveServer2 HTTP mode should support X-Forward-For header for authorization/audits
Date Mon, 04 Apr 2016 19:50:25 GMT
Thejas M Nair created HIVE-13418:
------------------------------------

             Summary: HiveServer2 HTTP mode should support X-Forward-For header for authorization/audits
                 Key: HIVE-13418
                 URL: https://issues.apache.org/jira/browse/HIVE-13418
             Project: Hive
          Issue Type: New Feature
          Components: Authorization, HiveServer2
            Reporter: Thejas M Nair
            Assignee: Thejas M Nair


Apache Knox acts as a proxy for requests coming from the end users. In these cases, the IP
address that HiveServer2 passes to the authorization/audit plugins via the HiveAuthzContext
object is the IP address of the proxy, and not the end user.

For auditing and authorization purposes, the IP address of the end use is more meaningful.
HiveServer2 should pass the information from  'X-Forward-For' header to the HiveAuthorizer
plugins if the request is coming from a trusted proxy.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message