You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/09 02:44:28 UTC

[jira] [Commented] (HIVE-13418) HiveServer2 HTTP mode should support X-Forwarded-Host header for authorization/audits

    [ https://issues.apache.org/jira/browse/HIVE-13418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15233229#comment-15233229 ] 

ASF GitHub Bot commented on HIVE-13418:
---------------------------------------

GitHub user thejasmn opened a pull request:

    https://github.com/apache/hive/pull/69

    HIVE-13418

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/thejasmn/hive HIVE-13418

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/hive/pull/69.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #69
    
----
commit 9afad78243c0eeedd7571ac7961f177ebf20e771
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T06:35:25Z

    set x-forwarded-for

commit 400406a0765253f14e570061375923431d7f304c
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T06:38:02Z

    set forwarded address in HiveAuthzContext

commit ef438d7498cac59a665b92c5d3e5fffb6bbdac19
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T21:23:55Z

    add test in TestThriftHttpCLIService

commit a475bf1d077acf7335f4efcbcdd6bce7e75017fb
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T21:47:34Z

    rename impls of ThriftCLIServiceTest

commit eb6982c9f013f02df26ff7ea8d78e658224c4f95
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T21:48:38Z

    reorganize   ThriftCLIServiceTest tests

commit a3cac6ef692dcd1c89405e0cead4a0d949613122
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T21:53:47Z

    rename test class

commit e31cd18d7fd9be2ba0373949fa2e39d19a4aa943
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-08T21:53:58Z

    new classname

commit c48a21fab62f11f17213f2680cd414e69e155398
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-09T00:17:55Z

    test now checks the forwarded ips passed on

commit 131cd7208cc8e244a312253d63a250d7541f0a90
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-09T00:19:04Z

    fix test imports

commit ac227e05d931a906987a53cfcccf31b37fa8b95e
Author: Thejas Nair <th...@hortonworks.com>
Date:   2016-04-09T00:40:07Z

    fix test compile, post rebase

----


> HiveServer2 HTTP mode should support X-Forwarded-Host header for authorization/audits
> -------------------------------------------------------------------------------------
>
>                 Key: HIVE-13418
>                 URL: https://issues.apache.org/jira/browse/HIVE-13418
>             Project: Hive
>          Issue Type: New Feature
>          Components: Authorization, HiveServer2
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>
> Apache Knox acts as a proxy for requests coming from the end users. In these cases, the IP address that HiveServer2 passes to the authorization/audit plugins via the HiveAuthzContext object is the IP address of the proxy, and not the end user.
> For auditing and authorization purposes, the IP address of the end use is more meaningful.
> HiveServer2 should pass the information from  'X-Forwarded-Host' header to the HiveAuthorizer plugins if the request is coming from a trusted proxy.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)