You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@thrift.apache.org by Vlad Gudikov <vg...@gmail.com> on 2017/09/15 07:47:30 UTC

Thrift SaslServer doesn't return impersonated user when sasl enabled

down votefavorite
<https://stackoverflow.com/questions/46234365/thrift-saslserver-doesnt-return-impersonated-user-when-sasl-enabled#>

Currently I've got some client code that have impersonation using
UserGroupInformation.

UserGroupInformation ugi =
UserGroupInformation.createProxyUser("user",
UserGroupInformation.getCurrentUser());
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {

We have Sasl Server that is trying to authorize user as follows:

TTransport trans = inProt.getTransport();
        if (!(trans instanceof TSaslServerTransport)) {
          throw new TException("Unexpected non-SASL transport " +
trans.getClass());
        }
        TSaslServerTransport saslTrans = (TSaslServerTransport)trans;
        SaslServer saslServer = saslTrans.getSaslServer();
        String authId = saslServer.getAuthorizationID();

Method saslServer.getAuthorizationID()always returns a proxyUser(that
impersonates other user) that we get from
UserGroupInformation.getCurrentUser(). Is this possible to somehow get user
that should be impersonated?