phoenix-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-3598) Enable proxy access to Phoenix query server for third party on behalf of end users
Date Mon, 26 Jun 2017 20:34:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16063730#comment-16063730 ]

ASF GitHub Bot commented on PHOENIX-3598:
-----------------------------------------

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/265#discussion_r124112286
  
    --- Diff: phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
---
    @@ -274,6 +282,47 @@ public int run(String[] args) throws Exception {
       }
     
       /**
    +   * Use the correctly way to extract end user.
    +   */
    +
    +  static class PhoenixRemoteUserExtractor implements RemoteUserExtractor{
    +    private final HttpQueryStringParameterRemoteUserExtractor paramRemoteUserExtractor;
    +    private final HttpRequestRemoteUserExtractor requestRemoteUserExtractor;
    +    private final boolean enableDoAs;
    +    private final String doAsParam;
    +
    +    public PhoenixRemoteUserExtractor(Configuration conf) {
    +      this.requestRemoteUserExtractor = new HttpRequestRemoteUserExtractor();
    +      this.doAsParam = conf.get(QueryServices.QUERY_SERVER_DOAS_PARAM,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_DOAS_PARAM);
    +      this.paramRemoteUserExtractor = new HttpQueryStringParameterRemoteUserExtractor(doAsParam);
    +      this.enableDoAs = conf.getBoolean(QueryServices.QUERY_SERVER_DOAS_ENABLED_ATTRIB,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_DOAS_ENABLED);
    +    }
    +
    +    @Override
    +    public String extract(HttpServletRequest request) throws RemoteUserExtractionException
{
    +      if (request.getParameter(doAsParam) != null && enableDoAs) {
    +        String doAsUser = paramRemoteUserExtractor.extract(request);
    +        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser());
    +        UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(doAsUser,
ugi);
    +
    +        // Check if this user is allowed to be impersonated.
    +        // Will throw AuthorizationException if the impersonation as this user is not
allowed
    +        try {
    +          ProxyUsers.authorize(proxyUser, request.getRemoteAddr());
    +          return doAsUser;
    +        } catch (AuthorizationException e) {
    +          throw new RemoteUserExtractionException(e.getMessage());
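Review bot: in extract(), request.getRemoteUser() goes straight into UserGroupInformation.createRemoteUser() with no null or empty check, and that call sits before the try block, so for a request that carries the doAs parameter but has no authenticated user, any failure on the missing user surfaces there rather than as a RemoteUserExtractionException. Check the real user first and throw RemoteUserExtractionException when it is missing, before building the proxy UGI. Two smaller points: test enableDoAs before request.getParameter(doAsParam) so the disabled case is decided first, and replace the class Javadoc ("Use the correctly way to extract end user.") with a statement of which user extract() returns when doAs is enabled and when it is not.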
    --- End diff --
    
    Can the exception be passed into the RemoteUserExtractionException instead of just the message? (to preserve the stack trace)


> Enable proxy access to Phoenix query server for third party on behalf of end users
> ----------------------------------------------------------------------------------
>
>                 Key: PHOENIX-3598
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3598
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Jerry He
>            Assignee: Shi Wang
>         Attachments: 0001-PHOENIX-3598.patch
>
>
> This JIRA tracks the follow-on work of CALCITE-1539 needed on Phoenix query server side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
