You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/09 02:44:28 UTC
[jira] [Commented] (HIVE-13418) HiveServer2 HTTP mode should
support X-Forwarded-Host header for authorization/audits
[ https://issues.apache.org/jira/browse/HIVE-13418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15233229#comment-15233229 ]
ASF GitHub Bot commented on HIVE-13418:
---------------------------------------
GitHub user thejasmn opened a pull request:
https://github.com/apache/hive/pull/69
HIVE-13418
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/thejasmn/hive HIVE-13418
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/hive/pull/69.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #69
----
commit 9afad78243c0eeedd7571ac7961f177ebf20e771
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T06:35:25Z
set x-forwarded-for
commit 400406a0765253f14e570061375923431d7f304c
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T06:38:02Z
set forwarded address in HiveAuthzContext
commit ef438d7498cac59a665b92c5d3e5fffb6bbdac19
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T21:23:55Z
add test in TestThriftHttpCLIService
commit a475bf1d077acf7335f4efcbcdd6bce7e75017fb
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T21:47:34Z
rename impls of ThriftCLIServiceTest
commit eb6982c9f013f02df26ff7ea8d78e658224c4f95
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T21:48:38Z
reorganize ThriftCLIServiceTest tests
commit a3cac6ef692dcd1c89405e0cead4a0d949613122
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T21:53:47Z
rename test class
commit e31cd18d7fd9be2ba0373949fa2e39d19a4aa943
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-08T21:53:58Z
new classname
commit c48a21fab62f11f17213f2680cd414e69e155398
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-09T00:17:55Z
test now checks the forwarded ips passed on
commit 131cd7208cc8e244a312253d63a250d7541f0a90
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-09T00:19:04Z
fix test imports
commit ac227e05d931a906987a53cfcccf31b37fa8b95e
Author: Thejas Nair <th...@hortonworks.com>
Date: 2016-04-09T00:40:07Z
fix test compile, post rebase
----
> HiveServer2 HTTP mode should support X-Forwarded-Host header for authorization/audits
> -------------------------------------------------------------------------------------
>
> Key: HIVE-13418
> URL: https://issues.apache.org/jira/browse/HIVE-13418
> Project: Hive
> Issue Type: New Feature
> Components: Authorization, HiveServer2
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
>
> Apache Knox acts as a proxy for requests coming from the end users. In these cases, the IP address that HiveServer2 passes to the authorization/audit plugins via the HiveAuthzContext object is the IP address of the proxy, and not the end user.
> For auditing and authorization purposes, the IP address of the end use is more meaningful.
> HiveServer2 should pass the information from 'X-Forwarded-Host' header to the HiveAuthorizer plugins if the request is coming from a trusted proxy.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)