You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2016/04/04 21:50:25 UTC

[jira] [Created] (HIVE-13418) HiveServer2 HTTP mode should support X-Forward-For header for authorization/audits

Thejas M Nair created HIVE-13418:
------------------------------------

             Summary: HiveServer2 HTTP mode should support X-Forward-For header for authorization/audits
                 Key: HIVE-13418
                 URL: https://issues.apache.org/jira/browse/HIVE-13418
             Project: Hive
          Issue Type: New Feature
          Components: Authorization, HiveServer2
            Reporter: Thejas M Nair
            Assignee: Thejas M Nair


Apache Knox acts as a proxy for requests coming from the end users. In these cases, the IP address that HiveServer2 passes to the authorization/audit plugins via the HiveAuthzContext object is the IP address of the proxy, and not the end user.

For auditing and authorization purposes, the IP address of the end use is more meaningful.
HiveServer2 should pass the information from  'X-Forward-For' header to the HiveAuthorizer plugins if the request is coming from a trusted proxy.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)