You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Dilli Arumugam (JIRA)" <ji...@apache.org> on 2014/03/25 01:25:44 UTC

[jira] [Created] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary

Dilli Arumugam created HIVE-6738:
------------------------------------

             Summary: HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
                 Key: HIVE-6738
                 URL: https://issues.apache.org/jira/browse/HIVE-6738
             Project: Hive
          Issue Type: Improvement
          Components: HiveServer2
            Reporter: Dilli Arumugam
            Assignee: Dilli Arumugam


See already implemented JIra
 https://issues.apache.org/jira/browse/HIVE-5155
Support secure proxy user access to HiveServer2

That fix expects the hive.server2.proxy.user parameter to come in Thrift body.

When an intermediary gateway like Apache Knox is authenticating the end client and then proxying the request to HiveServer2,  it is not practical for the intermediary like Apache Knox to modify thrift content.

Intermediary like Apache Knox should be able to assert doAs in a query parameter. This paradigm is already established by other Hadoop ecosystem components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be aligned with them.

The doAs asserted in query parameter should override if doAs specified in Thrift body.




--
This message was sent by Atlassian JIRA
(v6.2#6252)