phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-3598) Enable proxy access to Phoenix query server for third party on behalf of end users
Date Tue, 27 Jun 2017 22:42:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16065615#comment-16065615
] 

ASF GitHub Bot commented on PHOENIX-3598:
-----------------------------------------

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/265#discussion_r124414777
  
    --- Diff: phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
---
    @@ -273,6 +282,54 @@ public int run(String[] args) throws Exception {
         }
       }
     
    +  // add remoteUserExtractor to builder if enabled
    +  @VisibleForTesting
    +  public void setRemoteUserExtractorIfNecessary(HttpServer.Builder builder, Configuration
conf) {
    +    if (conf.getBoolean(QueryServices.QUERY_SERVER_WITH_REMOTEUSEREXTRACTOR_ATTRIB,
    +            QueryServicesOptions.DEFAULT_QUERY_SERVER_WITH_REMOTEUSEREXTRACTOR)) {
    +      builder.withRemoteUserExtractor(new PhoenixRemoteUserExtractor(conf));
    +    }
    +  }
    +
    +  /**
    +   * Use the correctly way to extract end user.
    +   */
    +
    +  static class PhoenixRemoteUserExtractor implements RemoteUserExtractor{
    +    private final HttpQueryStringParameterRemoteUserExtractor paramRemoteUserExtractor;
    +    private final HttpRequestRemoteUserExtractor requestRemoteUserExtractor;
    +    private final String userExtractParam;
    +
    +    public PhoenixRemoteUserExtractor(Configuration conf) {
    +      this.requestRemoteUserExtractor = new HttpRequestRemoteUserExtractor();
    +      this.userExtractParam = conf.get(QueryServices.QUERY_SERVER_REMOTEUSEREXTRACTOR_PARAM,
    +              QueryServicesOptions.DEFAULT_QUERY_SERVER_REMOTEUSEREXTRACTOR_PARAM);
    +      this.paramRemoteUserExtractor = new HttpQueryStringParameterRemoteUserExtractor(userExtractParam);
    +    }
    +
    +    @Override
    +    public String extract(HttpServletRequest request) throws RemoteUserExtractionException
{
    +      if (request.getParameter(userExtractParam) != null) {
    +        String extractedUser = paramRemoteUserExtractor.extract(request);
    +        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser());
    +        UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(extractedUser,
ugi);
    --- End diff --
    
    Agreed! I think the work you've put in would be nice to support for the non-Kerberos case,
but let's not hold up this change for that.
    
    I will try to write up a test case for PQS (mini-hbase, mini-kdc, and PQS) to validate
your changes here before I commit.


> Enable proxy access to Phoenix query server for third party on behalf of end users
> ----------------------------------------------------------------------------------
>
>                 Key: PHOENIX-3598
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3598
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Jerry He
>            Assignee: Shi Wang
>         Attachments: 0001-PHOENIX-3598.patch
>
>
> This JIRA tracks the follow-on work of CALCITE-1539 needed on Phoenix query server side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message